X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/1b0c403fa81cd24162f6fc25fd3175e75d30d117..8c7e4a997b0702644721f19aadc9cce12594ea20:/Controller/DefaultController.php?ds=inline
diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php
index cfd3e1f..7e16358 100644
--- a/Controller/DefaultController.php
+++ b/Controller/DefaultController.php
@@ -2,15 +2,24 @@
namespace Rapsys\UserBundle\Controller;
+use Symfony\Bridge\Twig\Mime\TemplatedEmail;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Bundle\FrameworkBundle\Translation\Translator;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\Form\FormError;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
+use Symfony\Component\Mailer\MailerInterface;
+use Symfony\Component\Mime\Address;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
-use Symfony\Component\Form\FormError;
-use Rapsys\UserBundle\Utils\Slugger;
+use Symfony\Component\Translation\TranslatorInterface;
+use Psr\Log\LoggerInterface;
+
+use Rapsys\PackBundle\Util\SluggerUtil;
class DefaultController extends AbstractController {
//Config array
@@ -19,357 +28,910 @@ class DefaultController extends AbstractController {
//Translator instance
protected $translator;
- public function __construct(ContainerInterface $container, Translator $translator) {
+ /**
+ * Constructor
+ *
+ * @TODO: move all canonical and other view related stuff in an user AbstractController like in RapsysAir render feature !!!!
+ *
+ * @param ContainerInterface $container The containter instance
+ * @param RouterInterface $router The router instance
+ * @param TranslatorInterface $translator The translator instance
+ */
+ public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) {
//Retrieve config
$this->config = $container->getParameter($this->getAlias());
//Set the translator
$this->translator = $translator;
+
+ //Get request stack
+ $stack = $container->get('request_stack');
+
+ //Get current request
+ $request = $stack->getCurrentRequest();
+
+ //Get current locale
+ $currentLocale = $request->getLocale();
+
+ //Set locale
+ $this->config['context']['locale'] = str_replace('_', '-', $currentLocale);
+
+ //Set translate array
+ $translates = [];
+
+ //Look for keys to translate
+ if (!empty($this->config['translate'])) {
+ //Iterate on keys to translate
+ foreach($this->config['translate'] as $translate) {
+ //Set tmp
+ $tmp = null;
+ //Iterate on keys
+ foreach(array_reverse(explode('.', $translate)) as $curkey) {
+ $tmp = array_combine([$curkey], [$tmp]);
+ }
+ //Append tree
+ $translates = array_replace_recursive($translates, $tmp);
+ }
+ }
+
+ //Inject every requested route in view and mail context
+ foreach($this->config as $tag => $current) {
+ //Look for entry with title subkey
+ if (!empty($current['title'])) {
+ //Translate title value
+ $this->config[$tag]['title'] = $translator->trans($current['title']);
+ }
+
+ //Look for entry with route subkey
+ if (!empty($current['route'])) {
+ //Generate url for both view and mail
+ foreach(['view', 'mail'] as $view) {
+ //Check that context key is usable
+ if (isset($current[$view]['context']) && is_array($current[$view]['context'])) {
+ //Merge with global context
+ $this->config[$tag][$view]['context'] = array_replace_recursive($this->config['context'], $this->config[$tag][$view]['context']);
+
+ //Process every routes
+ foreach($current['route'] as $route => $key) {
+ //With confirm route
+ if ($route == 'confirm') {
+ //Skip route as it requires some parameters
+ continue;
+ }
+
+ //Set value
+ $value = $router->generate(
+ $this->config['route'][$route]['name'],
+ $this->config['route'][$route]['context'],
+ //Generate absolute url for mails
+ $view=='mail'?UrlGeneratorInterface::ABSOLUTE_URL:UrlGeneratorInterface::ABSOLUTE_PATH
+ );
+
+ //Multi level key
+ if (strpos($key, '.') !== false) {
+ //Set tmp
+ $tmp = $value;
+
+ //Iterate on key
+ foreach(array_reverse(explode('.', $key)) as $curkey) {
+ $tmp = array_combine([$curkey], [$tmp]);
+ }
+
+ //Set value
+ $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp);
+ //Single level key
+ } else {
+ //Set value
+ $this->config[$tag][$view]['context'][$key] = $value;
+ }
+ }
+
+ //Look for successful intersections
+ if (!empty(array_intersect_key($translates, $this->config[$tag][$view]['context']))) {
+ //Iterate on keys to translate
+ foreach($this->config['translate'] as $translate) {
+ //Set keys
+ $keys = explode('.', $translate);
+
+ //Set tmp
+ $tmp = $this->config[$tag][$view]['context'];
+
+ //Iterate on keys
+ foreach($keys as $curkey) {
+ //Without child key
+ if (!isset($tmp[$curkey])) {
+ //Skip to next key
+ continue(2);
+ }
+
+ //Get child key
+ $tmp = $tmp[$curkey];
+ }
+
+ //Translate tmp value
+ $tmp = $translator->trans($tmp);
+
+ //Iterate on keys
+ foreach(array_reverse($keys) as $curkey) {
+ //Set parent key
+ $tmp = array_combine([$curkey], [$tmp]);
+ }
+
+ //Set value
+ $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp);
+ }
+ }
+
+ //With view context
+ if ($view == 'view') {
+ //Get context path
+ $pathInfo = $router->getContext()->getPathInfo();
+
+ //Iterate on locales excluding current one
+ foreach($this->config['locales'] as $locale) {
+ //Set titles
+ $titles = [];
+
+ //Iterate on other locales
+ foreach(array_diff($this->config['locales'], [$locale]) as $other) {
+ $titles[$other] = $translator->trans($this->config['languages'][$locale], [], null, $other);
+ }
+
+ //Retrieve route matching path
+ $route = $router->match($pathInfo);
+
+ //Get route name
+ $name = $route['_route'];
+
+ //Unset route name
+ unset($route['_route']);
+
+ //With current locale
+ if ($locale == $currentLocale) {
+ //Set locale locales context
+ $this->config[$tag][$view]['context']['canonical'] = $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL);
+ } else {
+ //Set locale locales context
+ $this->config[$tag][$view]['context']['alternates'][$locale] = [
+ 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
+ 'relative' => $router->generate($name, ['_locale' => $locale]+$route),
+ 'title' => implode('/', $titles),
+ 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale)
+ ];
+ }
+
+ //Add shorter locale
+ if (empty($this->config[$tag][$view]['context']['alternates'][$slocale = substr($locale, 0, 2)])) {
+ //Add shorter locale
+ $this->config[$tag][$view]['context']['alternates'][$slocale] = [
+ 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL),
+ 'relative' => $router->generate($name, ['_locale' => $locale]+$route),
+ 'title' => implode('/', $titles),
+ 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale)
+ ];
+ }
+ }
+ }
+ }
+ }
+ }
+ }
}
- //FIXME: we need to change the $this->container->getParameter($alias.'.xyz') to $this->container->getParameter($alias)['xyz']
- public function loginAction(Request $request, AuthenticationUtils $authenticationUtils) {
- //Get template
- $template = $this->config['login']['template'];
- //Get context
- $context = $this->config['login']['context'];
-
- //Create the form according to the FormType created previously.
- //And give the proper parameters
- $form = $this->createForm('Rapsys\UserBundle\Form\LoginType', null, array(
- // To set the action use $this->generateUrl('route_identifier')
- 'action' => $this->generateUrl('rapsys_user_login'),
- 'method' => 'POST'
- ));
+ /**
+ * Confirm account from mail link
+ *
+ * @param Request $request The request
+ * @param UserPasswordEncoderInterface $encoder The password encoder
+ * @param SluggerUtil $slugger The slugger
+ * @param MailerInterface $mailer The mailer
+ * @param string $mail The shorted mail address
+ * @param string $extra The serialized then shorted extra array
+ * @param string $hash The hashed password
+ * @return Response The response
+ */
+ public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) {
+ //Get doctrine
+ $doctrine = $this->getDoctrine();
- //Get the login error if there is one
- if ($error = $authenticationUtils->getLastAuthenticationError()) {
- //Get translated error
- $error = $this->translator->trans($error->getMessageKey());
+ //With invalid hash
+ if ($hash != $slugger->hash($mail.$extra)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
- //Add error message to mail field
- $form->get('mail')->addError(new FormError($error));
+ //Get mail
+ $mail = $slugger->unshort($smail = $mail);
+
+ //Without valid mail
+ if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
}
- //Last username entered by the user
- if ($lastUsername = $authenticationUtils->getLastUsername()) {
- $form->get('mail')->setData($lastUsername);
+ //With existing subscriber
+ if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) {
+ //Add error message mail already exists
+ $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
+
+ //Redirect to user view
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
}
- //Render view
- return $this->render($template, $context+array('form' => $form->createView(), 'error' => $error));
+ //Get extra
+ $extra = $slugger->unserialize($sextra = $extra);
+
+ //Without valid extra
+ if (!is_array($extra)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra]));
+ }
+
+ //Extract names and pseudonym from mail
+ $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail))))));
+
+ //Get manager
+ $manager = $doctrine->getManager();
+
+ //Init reflection
+ $reflection = new \ReflectionClass($this->config['class']['user']);
+
+ //Create new user
+ $user = $reflection->newInstance();
+
+ //Set mail
+ $user->setMail($mail);
+
+ //Set default value
+ $default = [
+ 'civility(title)' => $this->config['default']['civility'],
+ 'pseudonym' => $pseudonym,
+ 'forename' => $names[0]??$pseudonym,
+ 'surname' => $names[1]??$pseudonym,
+ 'password' => $encoder->encodePassword($user, $mail),
+ 'active' => true
+ ];
+
+ //Iterate on each default value
+ //TODO: store add/set action between [] ???
+ foreach($extra+$default as $key => $value) {
+ //Set member
+ $member = $key;
+
+ //With title entity
+ if (substr($key, -strlen('(title)')) === '(title)') {
+ //Remove field info
+ $member = substr($member, 0, -strlen('(title)'));
+
+ //Get object as value
+ $value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value);
+ //With id entity
+ } elseif (substr($key, -strlen('(id)')) === '(id)') {
+ //Remove field info
+ $member = substr($member, 0, -strlen('(id)'));
+
+ //Get object as value
+ $value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value);
+ }
+
+ //Set value
+ $user->{'set'.ucfirst($member)}($value);
+
+ //Unset extra value
+ unset($extra[$key]);
+ }
+
+ //Iterate on default group
+ foreach($this->config['default']['group'] as $i => $groupTitle) {
+ //Fetch group
+ if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
+ //Set default group
+ //XXX: see vendor/symfony/security-core/Role/Role.php
+ $user->addGroup($group);
+ //Group not found
+ } else {
+ //Throw exception
+ //XXX: consider missing group as fatal
+ throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
+ }
+ }
+
+ $user->setCreated(new \DateTime('now'));
+ $user->setUpdated(new \DateTime('now'));
+
+ //Persist user
+ $manager->persist($user);
+
+ //Try saving in database
+ try {
+ //Send to database
+ $manager->flush();
+
+ //Add error message mail already exists
+ $this->addFlash('notice', $this->translator->trans('Your account has been created'));
+ //Catch double subscription
+ } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
+ //Add error message mail already exists
+ $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
+ }
+
+ //Redirect to user view
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
}
- public function registerAction(Request $request, UserPasswordEncoderInterface $encoder) {
- //Get mail template
- $mailTemplate = $this->config['register']['mail_template'];
- //Get mail context
- $mailContext = $this->config['register']['mail_context'];
- //Get template
- $template = $this->config['register']['template'];
- //Get context
- $context = $this->config['register']['context'];
- //Get home name
- $homeName = $this->config['contact']['home_name'];
- //Get home args
- $homeArgs = $this->config['contact']['home_args'];
- //Get contact name
- $contactName = $this->config['contact']['name'];
- //Get contact mail
- $contactMail = $this->config['contact']['mail'];
- //TODO: check if doctrine orm replacement is enough with default classes here
- //Get class user
- $classUser = $this->config['class']['user'];
- //Get class group
- $classGroup = $this->config['class']['group'];
- //Get class title
- $classTitle = $this->config['class']['title'];
-
- //Create the form according to the FormType created previously.
- //And give the proper parameters
- $form = $this->createForm('Rapsys\UserBundle\Form\RegisterType', null, array(
- // To set the action use $this->generateUrl('route_identifier')
- 'class_title' => $classTitle,
- 'action' => $this->generateUrl('rapsys_user_register'),
+ /**
+ * Edit account by shorted mail
+ *
+ * @param Request $request The request
+ * @param SluggerUtil $slugger The slugger
+ * @param string $mail The shorted mail address
+ * @return Response The response
+ */
+ public function edit(Request $request, SluggerUtil $slugger, $mail) {
+ //Get doctrine
+ $doctrine = $this->getDoctrine();
+
+ //Get mail
+ $mail = $slugger->unshort($smail = $mail);
+
+ //With existing subscriber
+ if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+ var_dump($mail);
+ //Throw not found
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
+ }
+
+ //Get user token
+ $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());
+
+ //Check if guest
+ $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']);
+
+ //Prevent access when not admin, user is not guest and not currently logged user
+ if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) {
+ //Throw access denied
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
+ }
+
+ //Create the RegisterType form and give the proper parameters
+ $form = $this->createForm($this->config['register']['view']['form'], $user, [
+ //Set action to register route name and context
+ 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']),
+ //Set civility class
+ 'civility_class' => $this->config['class']['civility'],
+ //Set civility default
+ 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+ //Disable mail
+ 'mail' => $this->isGranted('ROLE_ADMIN'),
+ //Disable password
+ //XXX: prefer a reset on login to force user unspam action
+ 'password' => false,
+ //Set method
'method' => 'POST'
- ));
+ ]);
if ($request->isMethod('POST')) {
- // Refill the fields in case the form is not valid.
+ //Refill the fields in case the form is not valid.
$form->handleRequest($request);
if ($form->isValid()) {
//Set data
$data = $form->getData();
- //Translate title
- $mailContext['title'] = $this->translator->trans($mailContext['title']);
+ //Get manager
+ $manager = $doctrine->getManager();
- //Translate title
- $mailContext['subtitle'] = $this->translator->trans($mailContext['subtitle'], array('%name%' => $data['forename'].' '.$data['surname'].' ('.$data['pseudonym'].')'));
+ //Queue snippet save
+ $manager->persist($data);
- //Translate subject
- $mailContext['subject'] = $this->translator->trans($mailContext['subject'], array('%title%' => $mailContext['title']));
+ //Flush to get the ids
+ $manager->flush();
- //Translate message
- $mailContext['message'] = $this->translator->trans($mailContext['message'], array('%title%' => $mailContext['title']));
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail]));
- //Create message
- $message = \Swift_Message::newInstance()
- ->setSubject($mailContext['subject'])
- ->setFrom(array($contactMail => $contactName))
- ->setTo(array($data['mail'] => $data['forename'].' '.$data['surname']))
- ->setBody($mailContext['message'])
- ->addPart(
- $this->renderView(
- $mailTemplate,
- $mailContext+array(
- 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL)
- )
- ),
- 'text/html'
- );
-
- //Get doctrine
- $doctrine = $this->getDoctrine();
+ //Redirect to user view
+ //TODO: extract referer ??? or useless ???
+ return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
- //Get manager
- $manager = $doctrine->getManager();
+ //Redirect to cleanup the form
+ return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]);
+ }
+ } else {
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail]));
+ }
- //Init reflection
- $reflection = new \ReflectionClass($classUser);
+ //Render view
+ return $this->render(
+ //Template
+ $this->config['edit']['view']['name'],
+ //Context
+ ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
+ );
+ }
- //Create new user
- $user = $reflection->newInstance();
+ /**
+ * Login
+ *
+ * @param Request $request The request
+ * @param AuthenticationUtils $authenticationUtils The authentication utils
+ * @return Response The response
+ */
+ public function login(Request $request, AuthenticationUtils $authenticationUtils) {
+ //Create the LoginType form and give the proper parameters
+ $login = $this->createForm($this->config['login']['view']['form'], null, [
+ //Set action to login route name and context
+ 'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']),
+ 'method' => 'POST'
+ ]);
- $user->setMail($data['mail']);
- $user->setPseudonym($data['pseudonym']);
- $user->setForename($data['forename']);
- $user->setSurname($data['surname']);
- $user->setPassword($encoder->encodePassword($user, $data['password']));
- $user->setActive(true);
- $user->setTitle($data['title']);
- //TODO: see if we can't modify group constructor to set role directly from args
- //XXX: see vendor/symfony/symfony/src/Symfony/Component/Security/Core/Role/Role.php
- $user->addGroup($doctrine->getRepository($classGroup)->findOneByRole('ROLE_USER'));
- $user->setCreated(new \DateTime('now'));
- $user->setUpdated(new \DateTime('now'));
+ //Init context
+ $context = [];
- //Persist user
- $manager->persist($user);
+ //Last username entered by the user
+ if ($lastUsername = $authenticationUtils->getLastUsername()) {
+ $login->get('mail')->setData($lastUsername);
+ }
- try {
- //Send to database
- $manager->flush();
+ //Get the login error if there is one
+ if ($error = $authenticationUtils->getLastAuthenticationError()) {
+ //Get translated error
+ $error = $this->translator->trans($error->getMessageKey());
- //Send message
- if ($this->get('mailer')->send($message)) {
- //Redirect to cleanup the form
- return $this->redirectToRoute('rapsys_user_register', array('sent' => 1));
+ //Add error message to mail field
+ $login->get('mail')->addError(new FormError($error));
+
+ //Create the RecoverType form and give the proper parameters
+ $recover = $this->createForm($this->config['recover']['view']['form'], null, [
+ //Set action to recover route name and context
+ 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
+ //Without password
+ 'password' => false,
+ //Set method
+ 'method' => 'POST'
+ ]);
+
+ //Get recover mail entity
+ $recover->get('mail')
+ //Set mail from login form
+ ->setData($login->get('mail')->getData())
+ //Add recover error
+ ->addError(new FormError($this->translator->trans('Use this form to recover your account')));
+
+ //Add recover form to context
+ $context['recover'] = $recover->createView();
+ } else {
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
+ }
+
+ //Render view
+ return $this->render(
+ //Template
+ $this->config['login']['view']['name'],
+ //Context
+ ['login' => $login->createView()]+$context+$this->config['login']['view']['context']
+ );
+ }
+
+ /**
+ * Recover account
+ *
+ * @param Request $request The request
+ * @param UserPasswordEncoderInterface $encoder The password encoder
+ * @param SluggerUtil $slugger The slugger
+ * @param MailerInterface $mailer The mailer
+ * @param string $mail The shorted mail address
+ * @param string $pass The shorted password
+ * @param string $hash The hashed password
+ * @return Response The response
+ */
+ public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) {
+ //Get doctrine
+ $doctrine = $this->getDoctrine();
+
+ //Without mail, pass and hash
+ if (empty($mail) && empty($pass) && empty($hash)) {
+ //Create the RecoverType form and give the proper parameters
+ $form = $this->createForm($this->config['recover']['view']['form'], null, [
+ //Set action to recover route name and context
+ 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
+ //Without password
+ 'password' => false,
+ //Set method
+ 'method' => 'POST'
+ ]);
+
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $form->handleRequest($request);
+
+ if ($form->isValid()) {
+ //Set data
+ $data = $form->getData();
+
+ //Find user by data mail
+ if ($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) {
+ //Set mail shortcut
+ $recoverMail =& $this->config['recover']['mail'];
+
+ //Set mail
+ $mail = $slugger->short($user->getMail());
+
+ //Set pass
+ $pass = $slugger->hash($user->getPassword());
+
+ //Generate each route route
+ foreach($this->config['recover']['route'] as $route => $tag) {
+ //Only process defined routes
+ if (!empty($this->config['route'][$route])) {
+ //Process for recover mail url
+ if ($route == 'recover') {
+ //Set the url in context
+ $recoverMail['context'][$tag] = $this->get('router')->generate(
+ $this->config['route'][$route]['name'],
+ //Prepend recover context with tag
+ [
+ 'mail' => $mail,
+ 'pass' => $pass,
+ 'hash' => $slugger->hash($mail.$pass)
+ ]+$this->config['route'][$route]['context'],
+ UrlGeneratorInterface::ABSOLUTE_URL
+ );
+ }
+ }
+ }
+
+ //Set recipient_name
+ $recoverMail['context']['recipient_mail'] = $user->getMail();
+
+ //Set recipient_name
+ $recoverMail['context']['recipient_name'] = trim($user->getForename().' '.$user->getSurname().($user->getPseudonym()?' ('.$user->getPseudonym().')':''));
+
+ //Init subject context
+ $subjectContext = $slugger->flatten(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context']), null, '.', '%', '%');
+
+ //Translate subject
+ $recoverMail['subject'] = ucfirst($this->translator->trans($recoverMail['subject'], $subjectContext));
+
+ //Create message
+ $message = (new TemplatedEmail())
+ //Set sender
+ ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title']))
+ //Set recipient
+ //XXX: remove the debug set in vendor/symfony/mime/Address.php +46
+ ->to(new Address($recoverMail['context']['recipient_mail'], $recoverMail['context']['recipient_name']))
+ //Set subject
+ ->subject($recoverMail['subject'])
+
+ //Set path to twig templates
+ ->htmlTemplate($recoverMail['html'])
+ ->textTemplate($recoverMail['text'])
+
+ //Set context
+ //XXX: require recursive merge to avoid loosing subkeys
+ //['subject' => $recoverMail['subject']]+$recoverMail['context']+$this->config['recover']['view']['context']
+ ->context(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context'], ['subject' => $recoverMail['subject']]));
+
+ //Try sending message
+ //XXX: mail delivery may silently fail
+ try {
+ //Send message
+ $mailer->send($message);
+
+ //Redirect on the same route with sent=1 to cleanup form
+ return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
+ //Catch obvious transport exception
+ } catch(TransportExceptionInterface $e) {
+ //Add error message mail unreachable
+ $form->get('mail')->addError(new FormError($this->translator->trans('Account found but unable to contact: %mail%', array('%mail%' => $data['mail']))));
+ }
+ //Accout not found
+ } else {
+ //Add error message to mail field
+ $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account %mail%', ['%mail%' => $data['mail']])));
}
- } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
- //Add error message mail already exists
- $form->get('mail')->addError(new FormError($this->translator->trans('Account already exists: %mail%', array('%mail%' => $data['mail']))));
}
}
+
+ //Render view
+ return $this->render(
+ //Template
+ $this->config['recover']['view']['name'],
+ //Context
+ ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context']
+ );
}
- //Render view
- return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0)));
- }
+ //With invalid hash
+ if ($hash != $slugger->hash($mail.$pass)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
+
+ //Get mail
+ $mail = $slugger->unshort($smail = $mail);
+
+ //Without valid mail
+ if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+ }
- public function recoverAction(Request $request, Slugger $slugger) {
- //Get mail template
- $mailTemplate = $this->config['recover']['mail_template'];
- //Get mail context
- $mailContext = $this->config['recover']['mail_context'];
- //Get template
- $template = $this->config['recover']['template'];
- //Get context
- $context = $this->config['recover']['context'];
- //Get url name
- $urlName = $this->config['recover']['url_name'];
- //Get url args
- $urlArgs = $this->config['recover']['url_args'];
- //Get home name
- $homeName = $this->config['contact']['home_name'];
- //Get home args
- $homeArgs = $this->config['contact']['home_args'];
- //Get contact name
- $contactName = $this->config['contact']['name'];
- //Get contact mail
- $contactMail = $this->config['contact']['mail'];
- //Get class user
- $classUser = $this->config['class']['user'];
-
- //Create the form according to the FormType created previously.
- //And give the proper parameters
- $form = $this->createForm('Rapsys\UserBundle\Form\RecoverType', null, array(
- // To set the action use $this->generateUrl('route_identifier')
- 'action' => $this->generateUrl('rapsys_user_recover'),
+ //With existing subscriber
+ if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
+ //Throw not found
+ //XXX: prevent slugger reverse engineering by not displaying decoded mail
+ throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
+ }
+
+ //With unmatched pass
+ if ($pass != $slugger->hash($user->getPassword())) {
+ //Throw not found
+ //XXX: prevent use of outdated recover link
+ throw $this->createNotFoundException($this->translator->trans('Outdated recover link'));
+ }
+
+ //Create the RecoverType form and give the proper parameters
+ $form = $this->createForm($this->config['recover']['view']['form'], $user, [
+ //Set action to recover route name and context
+ 'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']),
+ //Without mail
+ 'mail' => false,
+ //Set method
'method' => 'POST'
- ));
+ ]);
if ($request->isMethod('POST')) {
- // Refill the fields in case the form is not valid.
+ //Refill the fields in case the form is not valid.
$form->handleRequest($request);
if ($form->isValid()) {
- //Get doctrine
- $doctrine = $this->getDoctrine();
-
//Set data
$data = $form->getData();
- //Translate title
- $mailContext['title'] = $this->translator->trans($mailContext['title']);
-
- //Try to find user
- if ($user = $doctrine->getRepository($classUser)->findOneByMail($data['mail'])) {
- //Translate title
- $mailContext['subtitle'] = $this->translator->trans($mailContext['subtitle'], array('%name%' => $user->getForename().' '.$user->getSurname().' ('.$user->getPseudonym().')'));
-
- //Translate subject
- $mailContext['subject'] = $this->translator->trans($mailContext['subject'], array('%title%' => $mailContext['title']));
-
- //Translate message
- $mailContext['raw'] = $this->translator->trans($mailContext['raw'], array('%title%' => $mailContext['title'], '%url%' => $this->get('router')->generate($urlName, $urlArgs+array('mail' => $slugger->short($user->getMail()), 'hash' => $slugger->hash($user->getPassword())), UrlGeneratorInterface::ABSOLUTE_URL)));
-
- //Create message
- $message = \Swift_Message::newInstance()
- ->setSubject($mailContext['subject'])
- ->setFrom(array($contactMail => $contactName))
- ->setTo(array($user->getMail() => $user->getForename().' '.$user->getSurname()))
- ->setBody(strip_tags($mailContext['raw']))
- ->addPart(
- $this->renderView(
- $mailTemplate,
- $mailContext+array(
- 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL)
- )
- ),
- 'text/html'
- );
+ //Set encoded password
+ $encoded = $encoder->encodePassword($user, $user->getPassword());
- //Send message
- if ($this->get('mailer')->send($message)) {
- //Redirect to cleanup the form
- return $this->redirectToRoute('rapsys_user_recover', array('sent' => 1));
- }
- //Accout not found
- } else {
- //Add error message to mail field
- $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account: %mail%', array('%mail%' => $data['mail']))));
- }
+ //Update pass
+ $pass = $slugger->hash($encoded);
+
+ //Set user password
+ $user->setPassword($encoded);
+
+ //Set updated
+ $user->setUpdated(new \DateTime('now'));
+
+ //Get manager
+ $manager = $doctrine->getManager();
+
+ //Persist user
+ $manager->persist($user);
+
+ //Send to database
+ $manager->flush();
+
+ //Add notice
+ $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail]));
+
+ //Redirect to user login
+ return $this->redirectToRoute($this->config['route']['login']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['login']['context']);
}
}
//Render view
- return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0)));
+ return $this->render(
+ //Template
+ $this->config['recover']['view']['name'],
+ //Context
+ ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context']
+ );
}
- public function recoverMailAction(Request $request, UserPasswordEncoderInterface $encoder, Slugger $slugger, $mail, $hash) {
- //Get mail template
- $mailTemplate = $this->config['recover_mail']['mail_template'];
- //Get mail context
- $mailContext = $this->config['recover_mail']['mail_context'];
- //Get template
- $template = $this->config['recover_mail']['template'];
- //Get context
- $context = $this->config['recover_mail']['context'];
- //Get url name
- $urlName = $this->config['recover_mail']['url_name'];
- //Get url args
- $urlArgs = $this->config['recover_mail']['url_args'];
- //Get home name
- $homeName = $this->config['contact']['home_name'];
- //Get home args
- $homeArgs = $this->config['contact']['home_args'];
- //Get contact name
- $contactName = $this->config['contact']['name'];
- //Get contact mail
- $contactMail = $this->config['contact']['mail'];
- //Get class user
- $classUser = $this->config['class']['user'];
-
- //Create the form according to the FormType created previously.
- //And give the proper parameters
- $form = $this->createForm('Rapsys\UserBundle\Form\RecoverMailType', null, array(
- // To set the action use $this->generateUrl('route_identifier')
- 'action' => $this->generateUrl('rapsys_user_recover_mail', array('mail' => $mail, 'hash' => $hash)),
- 'method' => 'POST'
- ));
-
+ /**
+ * Register an account
+ *
+ * @param Request $request The request
+ * @param UserPasswordEncoderInterface $encoder The password encoder
+ * @param SluggerUtil $slugger The slugger
+ * @param MailerInterface $mailer The mailer
+ * @param LoggerInterface $logger The logger
+ * @param string $field The serialized then shorted form field array
+ * @param string $hash The hashed serialized field array
+ * @return Response The response
+ */
+ public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) {
//Get doctrine
$doctrine = $this->getDoctrine();
- //Init not found
- $notfound = 1;
+ //With field
+ if (!empty($field) && !empty($hash)) {
+ //With invalid hash
+ if ($hash != $slugger->hash($field)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+ }
- //Retrieve user
- if (($user = $doctrine->getRepository($classUser)->findOneByMail($slugger->unshort($mail))) && $hash == $slugger->hash($user->getPassword())) {
- //User was found
- $notfound = 0;
+ //Try
+ try {
+ //Unshort then unserialize field
+ $field = $slugger->unserialize($field);
+ //Catch type error
+ } catch (\Error|\Exception $e) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field]), $e);
+ }
- if ($request->isMethod('POST')) {
- // Refill the fields in case the form is not valid.
- $form->handleRequest($request);
+ //With non array field
+ if (!is_array($field)) {
+ //Throw bad request
+ throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field]));
+ }
+ //Without field and hash
+ } else {
+ //Reset field
+ $field = [];
+ }
- if ($form->isValid()) {
- //Set data
- $data = $form->getData();
+ //Create the RegisterType form and give the proper parameters
+ $form = $this->createForm($this->config['register']['view']['form'], null, $field+[
+ //Set action to register route name and context
+ 'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']),
+ //Set civility class
+ 'civility_class' => $this->config['class']['civility'],
+ //Set civility default
+ 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+ //With mail
+ 'mail' => true,
+ //Set method
+ 'method' => 'POST'
+ ]);
- //Translate title
- $mailContext['title'] = $this->translator->trans($mailContext['title']);
+ if ($request->isMethod('POST')) {
+ //Refill the fields in case the form is not valid.
+ $form->handleRequest($request);
- //Translate title
- $mailContext['subtitle'] = $this->translator->trans($mailContext['subtitle'], array('%name%' => $user->getForename().' '.$user->getSurname().' ('.$user->getPseudonym().')'));
+ if ($form->isValid()) {
+ //Set data
+ $data = $form->getData();
- //Translate subject
- $mailContext['subject'] = $this->translator->trans($mailContext['subject'], array('%title%' => $mailContext['title']));
+ //Set mail shortcut
+ $registerMail =& $this->config['register']['mail'];
- //Set user password
- $user->setPassword($encoder->encodePassword($user, $data['password']));
+ //Set extra
+ $extra = [];
- //Translate message
- $mailContext['raw'] = $this->translator->trans($mailContext['raw'], array('%title%' => $mailContext['title'], '%url%' => $this->get('router')->generate($urlName, $urlArgs+array('mail' => $slugger->short($user->getMail()), 'hash' => $slugger->hash($user->getPassword())), UrlGeneratorInterface::ABSOLUTE_URL)));
+ //Init reflection
+ $reflection = new \ReflectionClass($this->config['class']['user']);
- //Get manager
- $manager = $doctrine->getManager();
+ //Create new user
+ $user = $reflection->newInstance();
- //Persist user
- $manager->persist($user);
+ //Iterate on each entry
+ //TODO: store add/set action between [] ???
+ foreach($data as $key => $value) {
+ //Skip mail
+ if ($key == 'mail') {
+ continue;
+ //Store shorted title
+ } elseif (is_callable([$value, 'getTitle'])) {
+ $extra[$key.'(title)'] = $value->getTitle();
+ //Store shorted id
+ } elseif (is_callable([$value, 'getId'])) {
+ $extra[$key.'(id)'] = $value->getId();
+ //Store encoded password
+ } elseif(!empty($value) && $key == 'password') {
+ $extra['password'] = $encoder->encodePassword($user, $value);
+ //Store shorted value
+ } elseif (!empty($value)) {
+ $extra[$key] = $value;
+ }
+ }
+
+ //Set mail
+ $mail = $slugger->short($data['mail']);
+
+ //Set extra
+ $extra = $slugger->serialize($extra);
+
+ //Generate each route route
+ foreach($this->config['register']['route'] as $route => $tag) {
+ //Only process defined routes
+ if (!empty($this->config['route'][$route])) {
+ //Process for confirm url
+ if ($route == 'confirm') {
+ //Set the url in context
+ $registerMail['context'][$tag] = $this->get('router')->generate(
+ $this->config['route'][$route]['name'],
+ //Prepend subscribe context with tag
+ [
+ 'mail' => $mail,
+ 'extra' => $extra,
+ 'hash' => $slugger->hash($mail.$extra)
+ ]+$this->config['route'][$route]['context'],
+ UrlGeneratorInterface::ABSOLUTE_URL
+ );
+ }
+ }
+ }
+
+ //Log new user infos
+ $logger->emergency(
+ $this->translator->trans(
+ 'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%',
+ [
+ '%mail%' => $data['mail'],
+ '%locale%' => $request->getLocale(),
+ '%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']]
+ ]
+ )
+ );
+
+ //Set recipient_name
+ $registerMail['context']['recipient_mail'] = $data['mail'];
+
+ //Set recipient name
+ $registerMail['context']['recipient_name'] = '';
+
+ //With forename, surname and pseudonym
+ if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) {
+ //Set recipient name
+ $registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']);
+ //With pseudonym
+ } elseif (isset($data['pseudonym'])) {
+ //Set recipient name
+ $registerMail['context']['recipient_name'] = $data['pseudonym'];
+ }
- //Send to database
- $manager->flush();
+ //Init subject context
+ $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%');
- //Create message
- $message = \Swift_Message::newInstance()
- ->setSubject($mailContext['subject'])
- ->setFrom(array($contactMail => $contactName))
- ->setTo(array($user->getMail() => $user->getForename().' '.$user->getSurname()))
- ->setBody(strip_tags($mailContext['raw']))
- ->addPart(
- $this->renderView(
- $mailTemplate,
- $mailContext+array(
- 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL)
- )
- ),
- 'text/html'
- );
+ //Translate subject
+ $registerMail['subject'] = ucfirst($this->translator->trans($registerMail['subject'], $subjectContext));
+ //Create message
+ $message = (new TemplatedEmail())
+ //Set sender
+ ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title']))
+ //Set recipient
+ //XXX: remove the debug set in vendor/symfony/mime/Address.php +46
+ ->to(new Address($registerMail['context']['recipient_mail'], $registerMail['context']['recipient_name']))
+ //Set subject
+ ->subject($registerMail['subject'])
+
+ //Set path to twig templates
+ ->htmlTemplate($registerMail['html'])
+ ->textTemplate($registerMail['text'])
+
+ //Set context
+ ->context(['subject' => $registerMail['subject']]+$registerMail['context']);
+
+ //Try sending message
+ //XXX: mail delivery may silently fail
+ try {
//Send message
- if ($this->get('mailer')->send($message)) {
- //Redirect to cleanup the form
- return $this->redirectToRoute('rapsys_user_recover_mail', array('mail' => $mail, 'hash' => $hash, 'sent' => 1));
- }
+ $mailer->send($message);
+
+ //Redirect on the same route with sent=1 to cleanup form
+ return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
+ //Catch obvious transport exception
+ } catch(TransportExceptionInterface $e) {
+ //Add error message mail unreachable
+ $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail']))));
}
}
}
//Render view
- return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0), 'notfound' => $notfound));
+ return $this->render(
+ //Template
+ $this->config['register']['view']['name'],
+ //Context
+ ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['register']['view']['context']
+ );
}
/**