X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/a484f030bfbf1d7c87b4e2cac2473a9f4e5beac0..8c7e4a997b0702644721f19aadc9cce12594ea20:/Controller/DefaultController.php?ds=sidebyside diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php index 9f2e2b5..7e16358 100644 --- a/Controller/DefaultController.php +++ b/Controller/DefaultController.php @@ -2,20 +2,24 @@ namespace Rapsys\UserBundle\Controller; -use Rapsys\UserBundle\Utils\Slugger; use Symfony\Bridge\Twig\Mime\TemplatedEmail; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\DependencyInjection\ContainerInterface; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Form\FormError; +use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\Mailer\Exception\TransportExceptionInterface; use Symfony\Component\Mailer\MailerInterface; -use Symfony\Component\Mime\NamedAddress; +use Symfony\Component\Mime\Address; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; use Symfony\Component\Translation\TranslatorInterface; +use Psr\Log\LoggerInterface; + +use Rapsys\PackBundle\Util\SluggerUtil; class DefaultController extends AbstractController { //Config array @@ -24,40 +28,188 @@ class DefaultController extends AbstractController { //Translator instance protected $translator; - public function __construct(ContainerInterface $container, TranslatorInterface $translator, RouterInterface $router) { + /** + * Constructor + * + * @TODO: move all canonical and other view related stuff in an user AbstractController like in RapsysAir render feature !!!! + * + * @param ContainerInterface $container The containter instance + * @param RouterInterface $router The router instance + * @param TranslatorInterface $translator The translator instance + */ + public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) { //Retrieve config $this->config = $container->getParameter($this->getAlias()); //Set the translator $this->translator = $translator; - //Get current action - //XXX: we don't use this as it would be too slow, maybe ??? - #$action = str_replace(self::getAlias().'_', '', $container->get('request_stack')->getCurrentRequest()->get('_route')); + //Get request stack + $stack = $container->get('request_stack'); + + //Get current request + $request = $stack->getCurrentRequest(); + + //Get current locale + $currentLocale = $request->getLocale(); + + //Set locale + $this->config['context']['locale'] = str_replace('_', '-', $currentLocale); + + //Set translate array + $translates = []; + + //Look for keys to translate + if (!empty($this->config['translate'])) { + //Iterate on keys to translate + foreach($this->config['translate'] as $translate) { + //Set tmp + $tmp = null; + //Iterate on keys + foreach(array_reverse(explode('.', $translate)) as $curkey) { + $tmp = array_combine([$curkey], [$tmp]); + } + //Append tree + $translates = array_replace_recursive($translates, $tmp); + } + } //Inject every requested route in view and mail context foreach($this->config as $tag => $current) { + //Look for entry with title subkey + if (!empty($current['title'])) { + //Translate title value + $this->config[$tag]['title'] = $translator->trans($current['title']); + } + //Look for entry with route subkey if (!empty($current['route'])) { //Generate url for both view and mail foreach(['view', 'mail'] as $view) { //Check that context key is usable if (isset($current[$view]['context']) && is_array($current[$view]['context'])) { + //Merge with global context + $this->config[$tag][$view]['context'] = array_replace_recursive($this->config['context'], $this->config[$tag][$view]['context']); + //Process every routes foreach($current['route'] as $route => $key) { - //Skip recover_mail route as it requires some parameters - if ($route == 'recover_mail') { + //With confirm route + if ($route == 'confirm') { + //Skip route as it requires some parameters continue; } - //Check that key is empty - if (!isset($current[$view]['context'][$key])) { - //Generate the route - $this->config[$tag][$view]['context'][$key] = $router->generate( - $this->config['route'][$route]['name'], - $this->config['route'][$route]['context'], - //Generate absolute url for mails - $view=='mail'?UrlGeneratorInterface::ABSOLUTE_URL:UrlGeneratorInterface::ABSOLUTE_PATH - ); + + //Set value + $value = $router->generate( + $this->config['route'][$route]['name'], + $this->config['route'][$route]['context'], + //Generate absolute url for mails + $view=='mail'?UrlGeneratorInterface::ABSOLUTE_URL:UrlGeneratorInterface::ABSOLUTE_PATH + ); + + //Multi level key + if (strpos($key, '.') !== false) { + //Set tmp + $tmp = $value; + + //Iterate on key + foreach(array_reverse(explode('.', $key)) as $curkey) { + $tmp = array_combine([$curkey], [$tmp]); + } + + //Set value + $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp); + //Single level key + } else { + //Set value + $this->config[$tag][$view]['context'][$key] = $value; + } + } + + //Look for successful intersections + if (!empty(array_intersect_key($translates, $this->config[$tag][$view]['context']))) { + //Iterate on keys to translate + foreach($this->config['translate'] as $translate) { + //Set keys + $keys = explode('.', $translate); + + //Set tmp + $tmp = $this->config[$tag][$view]['context']; + + //Iterate on keys + foreach($keys as $curkey) { + //Without child key + if (!isset($tmp[$curkey])) { + //Skip to next key + continue(2); + } + + //Get child key + $tmp = $tmp[$curkey]; + } + + //Translate tmp value + $tmp = $translator->trans($tmp); + + //Iterate on keys + foreach(array_reverse($keys) as $curkey) { + //Set parent key + $tmp = array_combine([$curkey], [$tmp]); + } + + //Set value + $this->config[$tag][$view]['context'] = array_replace_recursive($this->config[$tag][$view]['context'], $tmp); + } + } + + //With view context + if ($view == 'view') { + //Get context path + $pathInfo = $router->getContext()->getPathInfo(); + + //Iterate on locales excluding current one + foreach($this->config['locales'] as $locale) { + //Set titles + $titles = []; + + //Iterate on other locales + foreach(array_diff($this->config['locales'], [$locale]) as $other) { + $titles[$other] = $translator->trans($this->config['languages'][$locale], [], null, $other); + } + + //Retrieve route matching path + $route = $router->match($pathInfo); + + //Get route name + $name = $route['_route']; + + //Unset route name + unset($route['_route']); + + //With current locale + if ($locale == $currentLocale) { + //Set locale locales context + $this->config[$tag][$view]['context']['canonical'] = $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL); + } else { + //Set locale locales context + $this->config[$tag][$view]['context']['alternates'][$locale] = [ + 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL), + 'relative' => $router->generate($name, ['_locale' => $locale]+$route), + 'title' => implode('/', $titles), + 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale) + ]; + } + + //Add shorter locale + if (empty($this->config[$tag][$view]['context']['alternates'][$slocale = substr($locale, 0, 2)])) { + //Add shorter locale + $this->config[$tag][$view]['context']['alternates'][$slocale] = [ + 'absolute' => $router->generate($name, ['_locale' => $locale]+$route, UrlGeneratorInterface::ABSOLUTE_URL), + 'relative' => $router->generate($name, ['_locale' => $locale]+$route), + 'title' => implode('/', $titles), + 'translated' => $translator->trans($this->config['languages'][$locale], [], null, $locale) + ]; + } } } } @@ -66,167 +218,332 @@ class DefaultController extends AbstractController { } } - public function login(Request $request, AuthenticationUtils $authenticationUtils) { - //Create the LoginType form and give the proper parameters - $form = $this->createForm($this->config['login']['view']['form'], null, [ - //Set action to login route name and context - 'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']), - 'method' => 'POST' - ]); + /** + * Confirm account from mail link + * + * @param Request $request The request + * @param UserPasswordEncoderInterface $encoder The password encoder + * @param SluggerUtil $slugger The slugger + * @param MailerInterface $mailer The mailer + * @param string $mail The shorted mail address + * @param string $extra The serialized then shorted extra array + * @param string $hash The hashed password + * @return Response The response + */ + public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) { + //Get doctrine + $doctrine = $this->getDoctrine(); - //Get the login error if there is one - if ($error = $authenticationUtils->getLastAuthenticationError()) { - //Get translated error - $error = $this->translator->trans($error->getMessageKey()); + //With invalid hash + if ($hash != $slugger->hash($mail.$extra)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - //Add error message to mail field - $form->get('mail')->addError(new FormError($error)); + //Get mail + $mail = $slugger->unshort($smail = $mail); + + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail])); } - //Last username entered by the user - if ($lastUsername = $authenticationUtils->getLastUsername()) { - $form->get('mail')->setData($lastUsername); + //With existing subscriber + if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) { + //Add error message mail already exists + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); + + //Redirect to user view + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); } - //Render view - return $this->render( - //Template - $this->config['login']['view']['name'], - //Context - ['form' => $form->createView(), 'error' => $error]+$this->config['login']['view']['context'] - ); + //Get extra + $extra = $slugger->unserialize($sextra = $extra); + + //Without valid extra + if (!is_array($extra)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra])); + } + + //Extract names and pseudonym from mail + $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail)))))); + + //Get manager + $manager = $doctrine->getManager(); + + //Init reflection + $reflection = new \ReflectionClass($this->config['class']['user']); + + //Create new user + $user = $reflection->newInstance(); + + //Set mail + $user->setMail($mail); + + //Set default value + $default = [ + 'civility(title)' => $this->config['default']['civility'], + 'pseudonym' => $pseudonym, + 'forename' => $names[0]??$pseudonym, + 'surname' => $names[1]??$pseudonym, + 'password' => $encoder->encodePassword($user, $mail), + 'active' => true + ]; + + //Iterate on each default value + //TODO: store add/set action between [] ??? + foreach($extra+$default as $key => $value) { + //Set member + $member = $key; + + //With title entity + if (substr($key, -strlen('(title)')) === '(title)') { + //Remove field info + $member = substr($member, 0, -strlen('(title)')); + + //Get object as value + $value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value); + //With id entity + } elseif (substr($key, -strlen('(id)')) === '(id)') { + //Remove field info + $member = substr($member, 0, -strlen('(id)')); + + //Get object as value + $value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value); + } + + //Set value + $user->{'set'.ucfirst($member)}($value); + + //Unset extra value + unset($extra[$key]); + } + + //Iterate on default group + foreach($this->config['default']['group'] as $i => $groupTitle) { + //Fetch group + if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) { + //Set default group + //XXX: see vendor/symfony/security-core/Role/Role.php + $user->addGroup($group); + //Group not found + } else { + //Throw exception + //XXX: consider missing group as fatal + throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle)); + } + } + + $user->setCreated(new \DateTime('now')); + $user->setUpdated(new \DateTime('now')); + + //Persist user + $manager->persist($user); + + //Try saving in database + try { + //Send to database + $manager->flush(); + + //Add error message mail already exists + $this->addFlash('notice', $this->translator->trans('Your account has been created')); + //Catch double subscription + } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) { + //Add error message mail already exists + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); + } + + //Redirect to user view + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); } - public function recover(Request $request, Slugger $slugger, MailerInterface $mailer) { - //Create the RecoverType form and give the proper parameters - $form = $this->createForm($this->config['recover']['view']['form'], null, array( - //Set action to recover route name and context - 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), + /** + * Edit account by shorted mail + * + * @param Request $request The request + * @param SluggerUtil $slugger The slugger + * @param string $mail The shorted mail address + * @return Response The response + */ + public function edit(Request $request, SluggerUtil $slugger, $mail) { + //Get doctrine + $doctrine = $this->getDoctrine(); + + //Get mail + $mail = $slugger->unshort($smail = $mail); + + //With existing subscriber + if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + var_dump($mail); + //Throw not found + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); + } + + //Get user token + $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles()); + + //Check if guest + $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']); + + //Prevent access when not admin, user is not guest and not currently logged user + if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) { + //Throw access denied + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail])); + } + + //Create the RegisterType form and give the proper parameters + $form = $this->createForm($this->config['register']['view']['form'], $user, [ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']), + //Set civility class + 'civility_class' => $this->config['class']['civility'], + //Set civility default + 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //Disable mail + 'mail' => $this->isGranted('ROLE_ADMIN'), + //Disable password + //XXX: prefer a reset on login to force user unspam action + 'password' => false, + //Set method 'method' => 'POST' - )); + ]); if ($request->isMethod('POST')) { //Refill the fields in case the form is not valid. $form->handleRequest($request); if ($form->isValid()) { - //Get doctrine - $doctrine = $this->getDoctrine(); - //Set data $data = $form->getData(); - //Try to find user - if ($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) { - //Set mail shortcut - $mail =& $this->config['recover']['mail']; - - //Generate each route route - foreach($this->config['recover']['route'] as $route => $tag) { - //Only process defined routes - if (empty($mail['context'][$tag]) && !empty($this->config['route'][$route])) { - //Process for recover mail url - if ($route == 'recover_mail') { - //Prepend recover context with tag - $this->config['route'][$route]['context'] = [ - 'recipient' => $slugger->short($user->getMail()), - 'hash' => $slugger->hash($user->getPassword()) - ]+$this->config['route'][$route]['context']; - } - //Set the url in context - $mail['context'][$tag] = $this->get('router')->generate( - $this->config['route'][$route]['name'], - $this->config['route'][$route]['context'], - UrlGeneratorInterface::ABSOLUTE_URL - ); - - } - } + //Get manager + $manager = $doctrine->getManager(); - //Set recipient_name - $mail['context']['recipient_mail'] = $data['mail']; + //Queue snippet save + $manager->persist($data); - //Set recipient_name - $mail['context']['recipient_name'] = trim($user->getForename().' '.$user->getSurname().($user->getPseudonym()?' ('.$user->getPseudonym().')':'')); + //Flush to get the ids + $manager->flush(); - //Init subject context - $subjectContext = []; + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail])); - //Process each context pair - foreach($mail['context']+$this->config['recover']['view']['context'] as $k => $v) { - //Reinsert each context pair with the key surrounded by % - $subjectContext['%'.$k.'%'] = $v; - } + //Redirect to user view + //TODO: extract referer ??? or useless ??? + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); - //Translate subject - $mail['subject'] = ucfirst($this->translator->trans($mail['subject'], $subjectContext)); - - //Create message - $message = (new TemplatedEmail()) - //Set sender - ->from(new NamedAddress($this->config['contact']['mail'], $this->config['contact']['name'])) - //Set recipient - //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 - ->to(new NamedAddress($mail['context']['recipient_mail'], $mail['context']['recipient_name'])) - //Set subject - ->subject($mail['subject']) - - //Set path to twig templates - ->htmlTemplate($mail['html']) - ->textTemplate($mail['text']) - - //Set context - ->context(['subject' => $mail['subject']]+$mail['context']+$this->config['recover']['view']['context']); - - //Try sending message - //XXX: mail delivery may silently fail - try { - //Send message - $mailer->send($message); - - //Redirect on the same route with sent=1 to cleanup form - #return $this->redirectToRoute('rapsys_user_register', array('sent' => 1)); - return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); - //Catch obvious transport exception - } catch(TransportExceptionInterface $e) { - //Add error message mail unreachable - $form->get('mail')->addError(new FormError($this->translator->trans('Account found but unable to contact: %mail%', array('%mail%' => $data['mail'])))); - } - //Accout not found - } else { - //Add error message to mail field - $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account: %mail%', ['%mail%' => $data['mail']]))); - } + //Redirect to cleanup the form + return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]); } + } else { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail])); } //Render view return $this->render( //Template - $this->config['recover']['view']['name'], + $this->config['edit']['view']['name'], //Context - ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context'] + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context'] ); } - public function recoverMail(Request $request, UserPasswordEncoderInterface $encoder, Slugger $slugger, MailerInterface $mailer, $recipient, $hash) { - //Create the RecoverType form and give the proper parameters - $form = $this->createForm($this->config['recover_mail']['view']['form'], null, array( - //Set action to recover route name and context - 'action' => $this->generateUrl($this->config['route']['recover_mail']['name'], ['recipient' => $recipient, 'hash' => $hash]+$this->config['route']['recover_mail']['context']), + /** + * Login + * + * @param Request $request The request + * @param AuthenticationUtils $authenticationUtils The authentication utils + * @return Response The response + */ + public function login(Request $request, AuthenticationUtils $authenticationUtils) { + //Create the LoginType form and give the proper parameters + $login = $this->createForm($this->config['login']['view']['form'], null, [ + //Set action to login route name and context + 'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']), 'method' => 'POST' - )); + ]); + //Init context + $context = []; + + //Last username entered by the user + if ($lastUsername = $authenticationUtils->getLastUsername()) { + $login->get('mail')->setData($lastUsername); + } + + //Get the login error if there is one + if ($error = $authenticationUtils->getLastAuthenticationError()) { + //Get translated error + $error = $this->translator->trans($error->getMessageKey()); + + //Add error message to mail field + $login->get('mail')->addError(new FormError($error)); + + //Create the RecoverType form and give the proper parameters + $recover = $this->createForm($this->config['recover']['view']['form'], null, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), + //Without password + 'password' => false, + //Set method + 'method' => 'POST' + ]); + + //Get recover mail entity + $recover->get('mail') + //Set mail from login form + ->setData($login->get('mail')->getData()) + //Add recover error + ->addError(new FormError($this->translator->trans('Use this form to recover your account'))); + + //Add recover form to context + $context['recover'] = $recover->createView(); + } else { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); + } + + //Render view + return $this->render( + //Template + $this->config['login']['view']['name'], + //Context + ['login' => $login->createView()]+$context+$this->config['login']['view']['context'] + ); + } + + /** + * Recover account + * + * @param Request $request The request + * @param UserPasswordEncoderInterface $encoder The password encoder + * @param SluggerUtil $slugger The slugger + * @param MailerInterface $mailer The mailer + * @param string $mail The shorted mail address + * @param string $pass The shorted password + * @param string $hash The hashed password + * @return Response The response + */ + public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) { //Get doctrine $doctrine = $this->getDoctrine(); - //Init not found - $notfound = 1; - - //Retrieve user - if (($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($slugger->unshort($recipient))) && $hash == $slugger->hash($user->getPassword())) { - //User was found - $notfound = 0; + //Without mail, pass and hash + if (empty($mail) && empty($pass) && empty($hash)) { + //Create the RecoverType form and give the proper parameters + $form = $this->createForm($this->config['recover']['view']['form'], null, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), + //Without password + 'password' => false, + //Set method + 'method' => 'POST' + ]); if ($request->isMethod('POST')) { //Refill the fields in case the form is not valid. @@ -236,121 +553,242 @@ class DefaultController extends AbstractController { //Set data $data = $form->getData(); - //set encoded password - $encoded = $encoder->encodePassword($user, $data['password']); + //Find user by data mail + if ($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) { + //Set mail shortcut + $recoverMail =& $this->config['recover']['mail']; + + //Set mail + $mail = $slugger->short($user->getMail()); + + //Set pass + $pass = $slugger->hash($user->getPassword()); + + //Generate each route route + foreach($this->config['recover']['route'] as $route => $tag) { + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for recover mail url + if ($route == 'recover') { + //Set the url in context + $recoverMail['context'][$tag] = $this->get('router')->generate( + $this->config['route'][$route]['name'], + //Prepend recover context with tag + [ + 'mail' => $mail, + 'pass' => $pass, + 'hash' => $slugger->hash($mail.$pass) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } + } + } - //Set user password - $user->setPassword($encoded); + //Set recipient_name + $recoverMail['context']['recipient_mail'] = $user->getMail(); + + //Set recipient_name + $recoverMail['context']['recipient_name'] = trim($user->getForename().' '.$user->getSurname().($user->getPseudonym()?' ('.$user->getPseudonym().')':'')); + + //Init subject context + $subjectContext = $slugger->flatten(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context']), null, '.', '%', '%'); + + //Translate subject + $recoverMail['subject'] = ucfirst($this->translator->trans($recoverMail['subject'], $subjectContext)); + + //Create message + $message = (new TemplatedEmail()) + //Set sender + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) + //Set recipient + //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 + ->to(new Address($recoverMail['context']['recipient_mail'], $recoverMail['context']['recipient_name'])) + //Set subject + ->subject($recoverMail['subject']) + + //Set path to twig templates + ->htmlTemplate($recoverMail['html']) + ->textTemplate($recoverMail['text']) + + //Set context + //XXX: require recursive merge to avoid loosing subkeys + //['subject' => $recoverMail['subject']]+$recoverMail['context']+$this->config['recover']['view']['context'] + ->context(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context'], ['subject' => $recoverMail['subject']])); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $mailer->send($message); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $form->get('mail')->addError(new FormError($this->translator->trans('Account found but unable to contact: %mail%', array('%mail%' => $data['mail'])))); + } + //Accout not found + } else { + //Add error message to mail field + $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account %mail%', ['%mail%' => $data['mail']]))); + } + } + } - //Get manager - $manager = $doctrine->getManager(); + //Render view + return $this->render( + //Template + $this->config['recover']['view']['name'], + //Context + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context'] + ); + } - //Persist user - $manager->persist($user); + //With invalid hash + if ($hash != $slugger->hash($mail.$pass)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - //Send to database - $manager->flush(); + //Get mail + $mail = $slugger->unshort($smail = $mail); - //Set mail shortcut - $mail =& $this->config['recover_mail']['mail']; + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail])); + } - //Regen hash - $hash = $slugger->hash($encoded); + //With existing subscriber + if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + //Throw not found + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); + } - //Generate each route route - foreach($this->config['recover_mail']['route'] as $route => $tag) { - //Only process defined routes - if (empty($mail['context'][$tag]) && !empty($this->config['route'][$route])) { - //Process for recover mail url - if ($route == 'recover_mail') { - //Prepend recover context with tag - $this->config['route'][$route]['context'] = [ - 'recipient' => $recipient, - 'hash' => $hash - ]+$this->config['route'][$route]['context']; - } - //Set the url in context - $mail['context'][$tag] = $this->get('router')->generate( - $this->config['route'][$route]['name'], - $this->config['route'][$route]['context'], - UrlGeneratorInterface::ABSOLUTE_URL - ); - } - } + //With unmatched pass + if ($pass != $slugger->hash($user->getPassword())) { + //Throw not found + //XXX: prevent use of outdated recover link + throw $this->createNotFoundException($this->translator->trans('Outdated recover link')); + } - //Set recipient_name - $mail['context']['recipient_mail'] = $user->getMail(); + //Create the RecoverType form and give the proper parameters + $form = $this->createForm($this->config['recover']['view']['form'], $user, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']), + //Without mail + 'mail' => false, + //Set method + 'method' => 'POST' + ]); - //Set recipient_name - $mail['context']['recipient_name'] = trim($user->getForename().' '.$user->getSurname().($user->getPseudonym()?' ('.$user->getPseudonym().')':'')); + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $form->handleRequest($request); - //Init subject context - $subjectContext = []; + if ($form->isValid()) { + //Set data + $data = $form->getData(); - //Process each context pair - foreach($mail['context']+$this->config['recover_mail']['view']['context'] as $k => $v) { - //Reinsert each context pair with the key surrounded by % - $subjectContext['%'.$k.'%'] = $v; - } + //Set encoded password + $encoded = $encoder->encodePassword($user, $user->getPassword()); - //Translate subject - $mail['subject'] = ucfirst($this->translator->trans($mail['subject'], $subjectContext)); - - //Create message - $message = (new TemplatedEmail()) - //Set sender - ->from(new NamedAddress($this->config['contact']['mail'], $this->config['contact']['name'])) - //Set recipient - //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 - ->to(new NamedAddress($mail['context']['recipient_mail'], $mail['context']['recipient_name'])) - //Set subject - ->subject($mail['subject']) - - //Set path to twig templates - ->htmlTemplate($mail['html']) - ->textTemplate($mail['text']) - - //Set context - ->context(['subject' => $mail['subject']]+$mail['context']+$this->config['recover_mail']['view']['context']); - - //Try sending message - //XXX: mail delivery may silently fail - try { - //Send message - $mailer->send($message); - - //Redirect on the same route with sent=1 to cleanup form - return $this->redirectToRoute($request->get('_route'), ['recipient' => $recipient, 'hash' => $hash, 'sent' => 1]+$request->get('_route_params')); - //Catch obvious transport exception - } catch(TransportExceptionInterface $e) { - //Add error message mail unreachable - $form->get('mail')->addError(new FormError($this->translator->trans('Account password updated but unable to contact: %mail%', array('%mail%' => $mail['context']['recipient_mail'])))); - } - } + //Update pass + $pass = $slugger->hash($encoded); + + //Set user password + $user->setPassword($encoded); + + //Set updated + $user->setUpdated(new \DateTime('now')); + + //Get manager + $manager = $doctrine->getManager(); + + //Persist user + $manager->persist($user); + + //Send to database + $manager->flush(); + + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail])); + + //Redirect to user login + return $this->redirectToRoute($this->config['route']['login']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['login']['context']); } - //Accout not found - } else { - //Add error message to mail field - $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account: %mail%', ['%mail%' => $slugger->unshort($recipient)]))); } //Render view return $this->render( //Template - $this->config['recover_mail']['view']['name'], + $this->config['recover']['view']['name'], //Context - ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0), 'notfound' => $notfound]+$this->config['recover_mail']['view']['context'] + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context'] ); } - public function register(Request $request, UserPasswordEncoderInterface $encoder, MailerInterface $mailer) { + /** + * Register an account + * + * @param Request $request The request + * @param UserPasswordEncoderInterface $encoder The password encoder + * @param SluggerUtil $slugger The slugger + * @param MailerInterface $mailer The mailer + * @param LoggerInterface $logger The logger + * @param string $field The serialized then shorted form field array + * @param string $hash The hashed serialized field array + * @return Response The response + */ + public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) { + //Get doctrine + $doctrine = $this->getDoctrine(); + + //With field + if (!empty($field) && !empty($hash)) { + //With invalid hash + if ($hash != $slugger->hash($field)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } + + //Try + try { + //Unshort then unserialize field + $field = $slugger->unserialize($field); + //Catch type error + } catch (\Error|\Exception $e) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field]), $e); + } + + //With non array field + if (!is_array($field)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field])); + } + //Without field and hash + } else { + //Reset field + $field = []; + } + //Create the RegisterType form and give the proper parameters - $form = $this->createForm($this->config['register']['view']['form'], null, array( - 'class_title' => $this->config['class']['title'], + $form = $this->createForm($this->config['register']['view']['form'], null, $field+[ //Set action to register route name and context 'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']), + //Set civility class + 'civility_class' => $this->config['class']['civility'], + //Set civility default + 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //With mail + 'mail' => true, + //Set method 'method' => 'POST' - )); + ]); if ($request->isMethod('POST')) { //Refill the fields in case the form is not valid. @@ -361,109 +799,128 @@ class DefaultController extends AbstractController { $data = $form->getData(); //Set mail shortcut - $mail =& $this->config['register']['mail']; + $registerMail =& $this->config['register']['mail']; + + //Set extra + $extra = []; + + //Init reflection + $reflection = new \ReflectionClass($this->config['class']['user']); + + //Create new user + $user = $reflection->newInstance(); + + //Iterate on each entry + //TODO: store add/set action between [] ??? + foreach($data as $key => $value) { + //Skip mail + if ($key == 'mail') { + continue; + //Store shorted title + } elseif (is_callable([$value, 'getTitle'])) { + $extra[$key.'(title)'] = $value->getTitle(); + //Store shorted id + } elseif (is_callable([$value, 'getId'])) { + $extra[$key.'(id)'] = $value->getId(); + //Store encoded password + } elseif(!empty($value) && $key == 'password') { + $extra['password'] = $encoder->encodePassword($user, $value); + //Store shorted value + } elseif (!empty($value)) { + $extra[$key] = $value; + } + } + + //Set mail + $mail = $slugger->short($data['mail']); + + //Set extra + $extra = $slugger->serialize($extra); //Generate each route route foreach($this->config['register']['route'] as $route => $tag) { - if (empty($mail['context'][$tag]) && !empty($this->config['route'][$route])) { - $mail['context'][$tag] = $this->get('router')->generate( - $this->config['route'][$route]['name'], - $this->config['route'][$route]['context'], - UrlGeneratorInterface::ABSOLUTE_URL - ); + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for confirm url + if ($route == 'confirm') { + //Set the url in context + $registerMail['context'][$tag] = $this->get('router')->generate( + $this->config['route'][$route]['name'], + //Prepend subscribe context with tag + [ + 'mail' => $mail, + 'extra' => $extra, + 'hash' => $slugger->hash($mail.$extra) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } } } - //Set recipient_name - $mail['context']['recipient_mail'] = $data['mail']; + //Log new user infos + $logger->emergency( + $this->translator->trans( + 'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%', + [ + '%mail%' => $data['mail'], + '%locale%' => $request->getLocale(), + '%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']] + ] + ) + ); //Set recipient_name - $mail['context']['recipient_name'] = trim($data['forename'].' '.$data['surname'].($data['pseudonym']?' ('.$data['pseudonym'].')':'')); + $registerMail['context']['recipient_mail'] = $data['mail']; + + //Set recipient name + $registerMail['context']['recipient_name'] = ''; + + //With forename, surname and pseudonym + if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) { + //Set recipient name + $registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']); + //With pseudonym + } elseif (isset($data['pseudonym'])) { + //Set recipient name + $registerMail['context']['recipient_name'] = $data['pseudonym']; + } //Init subject context - $subjectContext = []; - - //Process each context pair - foreach($mail['context']+$this->config['register']['view']['context'] as $k => $v) { - //Reinsert each context pair with the key surrounded by % - $subjectContext['%'.$k.'%'] = $v; - } + $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%'); //Translate subject - $mail['subject'] = ucfirst($this->translator->trans($mail['subject'], $subjectContext)); + $registerMail['subject'] = ucfirst($this->translator->trans($registerMail['subject'], $subjectContext)); //Create message $message = (new TemplatedEmail()) //Set sender - ->from(new NamedAddress($this->config['contact']['mail'], $this->config['contact']['name'])) + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) //Set recipient //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 - ->to(new NamedAddress($mail['context']['recipient_mail'], $mail['context']['recipient_name'])) + ->to(new Address($registerMail['context']['recipient_mail'], $registerMail['context']['recipient_name'])) //Set subject - ->subject($mail['subject']) + ->subject($registerMail['subject']) //Set path to twig templates - ->htmlTemplate($mail['html']) - ->textTemplate($mail['text']) + ->htmlTemplate($registerMail['html']) + ->textTemplate($registerMail['text']) //Set context - ->context(['subject' => $mail['subject']]+$mail['context']+$this->config['register']['view']['context']); - - //Get doctrine - $doctrine = $this->getDoctrine(); + ->context(['subject' => $registerMail['subject']]+$registerMail['context']); - //Get manager - $manager = $doctrine->getManager(); - - //Init reflection - $reflection = new \ReflectionClass($this->config['class']['user']); - - //Create new user - $user = $reflection->newInstance(); - - $user->setMail($data['mail']); - $user->setPseudonym($data['pseudonym']); - $user->setForename($data['forename']); - $user->setSurname($data['surname']); - $user->setPhone($data['phone']); - $user->setPassword($encoder->encodePassword($user, $data['password'])); - $user->setActive(true); - $user->setTitle($data['title']); - - //XXX: For now there is no point in setting a role at subscription - //TODO: see if we can't modify group constructor to set role directly from args - //XXX: see vendor/symfony/symfony/src/Symfony/Component/Security/Core/Role/Role.php - #$user->addGroup($doctrine->getRepository($this->config['class']['group'])->findOneByRole('ROLE_USER')); - - $user->setCreated(new \DateTime('now')); - $user->setUpdated(new \DateTime('now')); - - //Persist user - $manager->persist($user); - - //Try saving in database + //Try sending message + //XXX: mail delivery may silently fail try { - //Send to database - $manager->flush(); - - //Try sending message - //XXX: mail delivery may silently fail - try { - //Send message - $mailer->send($message); - - //Redirect on the same route with sent=1 to cleanup form - #return $this->redirectToRoute('rapsys_user_register', array('sent' => 1)); - return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); - //Catch obvious transport exception - } catch(TransportExceptionInterface $e) { - //Add error message mail unreachable - $form->get('mail')->addError(new FormError($this->translator->trans('Account created but unable to contact: %mail%', array('%mail%' => $data['mail'])))); - } - //Catch double subscription - } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) { - //Add error message mail already exists - $form->get('mail')->addError(new FormError($this->translator->trans('Account already exists: %mail%', ['%mail%' => $data['mail']]))); + //Send message + $mailer->send($message); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail'])))); } } }