X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/bab59a4b88a081a7a27a53b4559d74e63b68db92..2f0ee1d8679c0a5de721520a4cc05de72aae9db3:/Controller/DefaultController.php?ds=sidebyside diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php index d3c2a3f..de4ff4e 100644 --- a/Controller/DefaultController.php +++ b/Controller/DefaultController.php @@ -1,376 +1,856 @@ - + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ namespace Rapsys\UserBundle\Controller; -use Symfony\Bundle\FrameworkBundle\Controller\Controller; +use Doctrine\DBAL\Exception\UniqueConstraintViolationException; +use Symfony\Bridge\Twig\Mime\TemplatedEmail; +use Symfony\Component\Form\FormError; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; +use Symfony\Component\Mailer\Exception\TransportExceptionInterface; +use Symfony\Component\Mime\Address; use Symfony\Component\Routing\Generator\UrlGeneratorInterface; -use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; -use Symfony\Component\Form\FormError; -use Rapsys\UserBundle\Utils\Slugger; - -class DefaultController extends Controller { - public function loginAction(Request $request, AuthenticationUtils $authenticationUtils) { - //Get template - $template = $this->container->getParameter(($alias = $this->getAlias()).'.login.template'); - //Get context - $context = $this->container->getParameter($alias.'.login.context'); - - //Create the form according to the FormType created previously. - //And give the proper parameters - $form = $this->createForm('Rapsys\UserBundle\Form\LoginType', null, array( - // To set the action use $this->generateUrl('route_identifier') - 'action' => $this->generateUrl('rapsys_user_login'), - 'method' => 'POST' - )); - //Get the login error if there is one - if ($error = $authenticationUtils->getLastAuthenticationError()) { - //Get translator - $trans = $this->get('translator'); +/** + * {@inheritdoc} + */ +class DefaultController extends AbstractController { + /** + * Confirm account from mail link + * + * @param Request $request The request + * @param string $hash The hashed password + * @param string $mail The shorted mail address + * @return Response The response + */ + public function confirm(Request $request, string $hash, string $mail): Response { + //With invalid hash + if ($hash != $this->slugger->hash($mail)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - //Get translated error - $error = $trans->trans($error->getMessageKey()); + //Get mail + $mail = $this->slugger->unshort($smail = $mail); - //Add error message to mail field - $form->get('mail')->addError(new FormError($error)); + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); } - //Last username entered by the user - if ($lastUsername = $authenticationUtils->getLastUsername()) { - $form->get('mail')->setData($lastUsername); + //Without existing registrant + if (!($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + //Add error message mail already exists + //XXX: prevent slugger reverse engineering by not displaying decoded mail + $this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail])); + + //Redirect to register view + return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $this->slugger->serialize([]), 'hash' => $this->slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']); } - //Render view - return $this->render($template, $context+array('form' => $form->createView(), 'error' => $error)); + //Set active + $user->setActive(true); + + //Persist user + $this->manager->persist($user); + + //Send to database + $this->manager->flush(); + + //Add error message mail already exists + $this->addFlash('notice', $this->translator->trans('Your account has been activated')); + + //Redirect to user view + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']); } - public function registerAction(Request $request, UserPasswordEncoderInterface $encoder) { - //Get mail template - $mailTemplate = $this->container->getParameter(($alias = $this->getAlias()).'.register.mail_template'); - //Get mail context - $mailContext = $this->container->getParameter($alias.'.register.mail_context'); - //Get template - $template = $this->container->getParameter($alias.'.register.template'); - //Get context - $context = $this->container->getParameter($alias.'.register.context'); - //Get home name - $homeName = $this->container->getParameter($alias.'.contact.home_name'); - //Get home args - $homeArgs = $this->container->getParameter($alias.'.contact.home_args'); - //Get contact name - $contactName = $this->container->getParameter($alias.'.contact.name'); - //Get contact mail - $contactMail = $this->container->getParameter($alias.'.contact.mail'); - //TODO: check if doctrine orm replacement is enough with default classes here - //Get class user - $classUser = $this->container->getParameter($alias.'.class.user'); - //Get class group - $classGroup = $this->container->getParameter($alias.'.class.group'); - //Get class title - $classTitle = $this->container->getParameter($alias.'.class.title'); - - //Create the form according to the FormType created previously. - //And give the proper parameters - $form = $this->createForm('Rapsys\UserBundle\Form\RegisterType', null, array( - // To set the action use $this->generateUrl('route_identifier') - 'class_title' => $classTitle, - 'action' => $this->generateUrl('rapsys_user_register'), - 'method' => 'POST' - )); + /** + * Edit account by shorted mail + * + * @param Request $request The request + * @param string $hash The hashed password + * @param string $mail The shorted mail address + * @return Response The response + */ + public function edit(Request $request, string $hash, string $mail): Response { + //With invalid hash + if ($hash != $this->slugger->hash($mail)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - if ($request->isMethod('POST')) { - // Refill the fields in case the form is not valid. - $form->handleRequest($request); + //Get mail + $mail = $this->slugger->unshort($smail = $mail); - if ($form->isValid()) { - //Get translator - $trans = $this->get('translator'); + //With existing subscriber + if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + //Throw not found + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); + } - //Set data - $data = $form->getData(); + //Prevent access when not admin, user is not guest and not currently logged user + if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) { + //Throw access denied + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail])); + } - //Translate title - $mailContext['title'] = $trans->trans($mailContext['title']); + //Create the RegisterType form and give the proper parameters + $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']), + //Set civility class + 'civility_class' => $this->config['class']['civility'], + //Set civility default + 'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //Disable mail + 'mail' => $this->isGranted('ROLE_ADMIN'), + //Disable password + 'password' => false, + //Set method + 'method' => 'POST' + ]+$this->config['edit']['field']); + + //With admin role + if ($this->isGranted('ROLE_ADMIN')) { + //Create the LoginType form and give the proper parameters + $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']), + //Disable mail + 'mail' => false, + //Set method + 'method' => 'POST' + ]); + + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $reset->handleRequest($request); - //Translate title - $mailContext['subtitle'] = $trans->trans($mailContext['subtitle'], array('%name%' => $data['forename'].' '.$data['surname'].' ('.$data['pseudonym'].')')); + //With reset submitted and valid + if ($reset->isSubmitted() && $reset->isValid()) { + //Set data + $data = $reset->getData(); - //Translate subject - $mailContext['subject'] = $trans->trans($mailContext['subject'], array('%title%' => $mailContext['title'])); + //Set password + $data->setPassword($this->hasher->hashPassword($data, $data->getPassword())); - //Translate message - $mailContext['message'] = $trans->trans($mailContext['message'], array('%title%' => $mailContext['title'])); + //Queue snippet save + $this->manager->persist($data); - //Create message - $message = \Swift_Message::newInstance() - ->setSubject($mailContext['subject']) - ->setFrom(array($contactMail => $contactName)) - ->setTo(array($data['mail'] => $data['forename'].' '.$data['surname'])) - ->setBody($mailContext['message']) - ->addPart( - $this->renderView( - $mailTemplate, - $mailContext+array( - 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL) - ) - ), - 'text/html' - ); + //Flush to get the ids + $this->manager->flush(); - //Get doctrine - $doctrine = $this->getDoctrine(); + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()])); - //Get manager - $manager = $doctrine->getManager(); + //Redirect to cleanup the form + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']); + } + } - //Init reflection - $reflection = new \ReflectionClass($classUser); + //Add reset view + $this->config['edit']['view']['context']['reset'] = $reset->createView(); + } - //Create new user - $user = $reflection->newInstance(); + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $edit->handleRequest($request); - $user->setMail($data['mail']); - $user->setPseudonym($data['pseudonym']); - $user->setForename($data['forename']); - $user->setSurname($data['surname']); - $user->setPassword($encoder->encodePassword($user, $data['password'])); - $user->setActive(true); - $user->setTitle($data['title']); - //TODO: see if we can't modify group constructor to set role directly from args - //XXX: see vendor/symfony/symfony/src/Symfony/Component/Security/Core/Role/Role.php - $user->addGroup($doctrine->getRepository($classGroup)->findOneByRole('ROLE_USER')); - $user->setCreated(new \DateTime('now')); - $user->setUpdated(new \DateTime('now')); + //With edit submitted and valid + if ($edit->isSubmitted() && $edit->isValid()) { + //Set data + $data = $edit->getData(); - //Persist user - $manager->persist($user); + //Queue snippet save + $this->manager->persist($data); + //Try saving in database try { - //Send to database - $manager->flush(); + //Flush to get the ids + $this->manager->flush(); - //Send message - if ($this->get('mailer')->send($message)) { - //Redirect to cleanup the form - return $this->redirectToRoute('rapsys_user_register', array('sent' => 1)); - } - } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) { + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()])); + + //Redirect to cleanup the form + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $this->slugger->short($mail), 'hash' => $this->slugger->hash($smail)]+$this->config['route']['edit']['context']); + //Catch double slug or mail + } catch (UniqueConstraintViolationException $e) { //Add error message mail already exists - $form->get('mail')->addError(new FormError($trans->trans('Account already exists: %mail%', array('%mail%' => $data['mail'])))); + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $data->getMail()])); } } + //Without admin role + //XXX: prefer a reset on login to force user unspam action + } elseif (!$this->isGranted('ROLE_ADMIN')) { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); } //Render view - return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0))); + return $this->render( + //Template + $this->config['edit']['view']['name'], + //Context + ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context'] + ); } - public function recoverAction(Request $request, Slugger $slugger) { - //Get mail template - $mailTemplate = $this->container->getParameter(($alias = $this->getAlias()).'.recover.mail_template'); - //Get mail context - $mailContext = $this->container->getParameter($alias.'.recover.mail_context'); - //Get template - $template = $this->container->getParameter($alias.'.recover.template'); - //Get context - $context = $this->container->getParameter($alias.'.recover.context'); - //Get url name - $urlName = $this->container->getParameter($alias.'.recover.url_name'); - //Get url args - $urlArgs = $this->container->getParameter($alias.'.recover.url_args'); - //Get home name - $homeName = $this->container->getParameter($alias.'.contact.home_name'); - //Get home args - $homeArgs = $this->container->getParameter($alias.'.contact.home_args'); - //Get contact name - $contactName = $this->container->getParameter($alias.'.contact.name'); - //Get contact mail - $contactMail = $this->container->getParameter($alias.'.contact.mail'); - //Get class user - $classUser = $this->container->getParameter($alias.'.class.user'); - - //Create the form according to the FormType created previously. - //And give the proper parameters - $form = $this->createForm('Rapsys\UserBundle\Form\RecoverType', null, array( - // To set the action use $this->generateUrl('route_identifier') - 'action' => $this->generateUrl('rapsys_user_recover'), + /** + * Login + * + * @param Request $request The request + * @param AuthenticationUtils $authenticationUtils The authentication utils + * @param ?string $hash The hashed password + * @param ?string $mail The shorted mail address + * @return Response The response + */ + public function login(Request $request, AuthenticationUtils $authenticationUtils, ?string $hash, ?string $mail): Response { + //Create the LoginType form and give the proper parameters + $login = $this->createForm($this->config['login']['view']['form'], null, [ + //Set action to login route name and context + 'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']), + //Disable repeated password + 'password_repeated' => false, + //Set method 'method' => 'POST' - )); + ]); - if ($request->isMethod('POST')) { - // Refill the fields in case the form is not valid. - $form->handleRequest($request); + //Init context + $context = []; - if ($form->isValid()) { - //Get translator - $trans = $this->get('translator'); + //With mail + if (!empty($mail) && !empty($hash)) { + //With invalid hash + if ($hash != $this->slugger->hash($mail)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - //Get doctrine - $doctrine = $this->getDoctrine(); + //Get mail + $mail = $this->slugger->unshort($smail = $mail); - //Set data - $data = $form->getData(); + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); + } - //Translate title - $mailContext['title'] = $trans->trans($mailContext['title']); - - //Try to find user - if ($user = $doctrine->getRepository($classUser)->findOneByMail($data['mail'])) { - //Translate title - $mailContext['subtitle'] = $trans->trans($mailContext['subtitle'], array('%name%' => $user->getForename().' '.$user->getSurname().' ('.$user->getPseudonym().')')); - - //Translate subject - $mailContext['subject'] = $trans->trans($mailContext['subject'], array('%title%' => $mailContext['title'])); - - //Translate message - $mailContext['raw'] = $trans->trans($mailContext['raw'], array('%title%' => $mailContext['title'], '%url%' => $this->get('router')->generate($urlName, $urlArgs+array('mail' => $slugger->short($user->getMail()), 'hash' => $slugger->hash($user->getPassword())), UrlGeneratorInterface::ABSOLUTE_URL))); - - //Create message - $message = \Swift_Message::newInstance() - ->setSubject($mailContext['subject']) - ->setFrom(array($contactMail => $contactName)) - ->setTo(array($user->getMail() => $user->getForename().' '.$user->getSurname())) - ->setBody(strip_tags($mailContext['raw'])) - ->addPart( - $this->renderView( - $mailTemplate, - $mailContext+array( - 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL) - ) - ), - 'text/html' - ); + //Prefilled mail + $login->get('mail')->setData($mail); + //Last username entered by the user + } elseif ($lastUsername = $authenticationUtils->getLastUsername()) { + $login->get('mail')->setData($lastUsername); + } + + //Get the login error if there is one + if ($error = $authenticationUtils->getLastAuthenticationError()) { + //Get translated error + $error = $this->translator->trans($error->getMessageKey()); + + //Add error message to mail field + $login->get('mail')->addError(new FormError($error)); + + //Create the LoginType form and give the proper parameters + $recover = $this->createForm($this->config['recover']['view']['form'], null, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), + //Without password + 'password' => false, + //Set method + 'method' => 'POST' + ]); + + //Get recover mail entity + $recover->get('mail') + //Set mail from login form + ->setData($login->get('mail')->getData()) + //Add recover error + ->addError(new FormError($this->translator->trans('Use this form to recover your account'))); + + //Add recover form to context + $context['recover'] = $recover->createView(); + } else { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); + } + + //Render view + return $this->render( + //Template + $this->config['login']['view']['name'], + //Context + ['login' => $login->createView()]+$context+$this->config['login']['view']['context'] + ); + } - //Send message - if ($this->get('mailer')->send($message)) { - //Redirect to cleanup the form - return $this->redirectToRoute('rapsys_user_recover', array('sent' => 1)); + /** + * Recover account + * + * @param Request $request The request + * @param ?string $hash The hashed password + * @param ?string $pass The shorted password + * @param ?string $mail The shorted mail address + * @return Response The response + */ + public function recover(Request $request, ?string $hash, ?string $pass, ?string $mail): Response { + //Without mail, pass and hash + if (empty($mail) && empty($pass) && empty($hash)) { + //Create the LoginType form and give the proper parameters + $form = $this->createForm($this->config['recover']['view']['form'], null, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), + //Without password + 'password' => false, + //Set method + 'method' => 'POST' + ]); + + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $form->handleRequest($request); + + //With form submitted and valid + if ($form->isSubmitted() && $form->isValid()) { + //Set data + $data = $form->getData(); + + //Find user by data mail + if ($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($data['mail'])) { + //Set mail shortcut + $recoverMail =& $this->config['recover']['mail']; + + //Set mail + $mail = $this->slugger->short($user->getMail()); + + //Set pass + $pass = $this->slugger->hash($user->getPassword()); + + //Generate each route route + foreach($this->config['recover']['route'] as $route => $tag) { + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for recover mail url + if ($route == 'recover') { + //Set the url in context + $recoverMail['context'][$tag] = $this->router->generate( + $this->config['route'][$route]['name'], + //Prepend recover context with tag + [ + 'mail' => $mail, + 'pass' => $pass, + 'hash' => $this->slugger->hash($mail.$pass) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } + } + } + + //Set recipient_name + $recoverMail['context']['recipient_mail'] = $user->getMail(); + + //Set recipient_name + $recoverMail['context']['recipient_name'] = $user->getRecipientName(); + + //Init subject context + $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context']), null, '.', '%', '%'); + + //Translate subject + $recoverMail['subject'] = ucfirst($this->translator->trans($recoverMail['subject'], $subjectContext)); + + //Create message + $message = (new TemplatedEmail()) + //Set sender + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) + //Set recipient + //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 + ->to(new Address($recoverMail['context']['recipient_mail'], $recoverMail['context']['recipient_name'])) + //Set subject + ->subject($recoverMail['subject']) + + //Set path to twig templates + ->htmlTemplate($recoverMail['html']) + ->textTemplate($recoverMail['text']) + + //Set context + //XXX: require recursive merge to avoid loosing subkeys + //['subject' => $recoverMail['subject']]+$recoverMail['context']+$this->config['recover']['view']['context'] + ->context(array_replace_recursive($this->config['recover']['view']['context'], $recoverMail['context'], ['subject' => $recoverMail['subject']])); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $this->mailer->send($message); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $form->get('mail')->addError(new FormError($this->translator->trans('Account found but unable to contact: %mail%', array('%mail%' => $data['mail'])))); + } + //Accout not found + } else { + //Add error message to mail field + $form->get('mail')->addError(new FormError($this->translator->trans('Unable to find account %mail%', ['%mail%' => $data['mail']]))); } - //Accout not found - } else { - //Add error message to mail field - $form->get('mail')->addError(new FormError($trans->trans('Unable to find account: %mail%', array('%mail%' => $data['mail'])))); } } + + //Render view + return $this->render( + //Template + $this->config['recover']['view']['name'], + //Context + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context'] + ); + } + + //With invalid hash + if ($hash != $this->slugger->hash($mail.$pass)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } + + //Get mail + $mail = $this->slugger->unshort($smail = $mail); + + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); + } + + //With existing subscriber + if (empty($user = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { + //Throw not found + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); + } + + //With unmatched pass + if ($pass != $this->slugger->hash($user->getPassword())) { + //Throw not found + //XXX: prevent use of outdated recover link + throw $this->createNotFoundException($this->translator->trans('Outdated recover link')); + } + + //Create the LoginType form and give the proper parameters + $form = $this->createForm($this->config['recover']['view']['form'], $user, [ + //Set action to recover route name and context + 'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']), + //Without mail + 'mail' => false, + //Set method + 'method' => 'POST' + ]); + + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $form->handleRequest($request); + + //With form submitted and valid + if ($form->isSubmitted() && $form->isValid()) { + //Set data + $data = $form->getData(); + + //Set hashed password + $hashed = $this->hasher->hashPassword($user, $user->getPassword()); + + //Update pass + $pass = $this->slugger->hash($hashed); + + //Set user password + $user->setPassword($hashed); + + //Persist user + $this->manager->persist($user); + + //Send to database + $this->manager->flush(); + + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail])); + + //Redirect to user login + return $this->redirectToRoute($this->config['route']['login']['name'], ['mail' => $smail, 'hash' => $this->slugger->hash($smail)]+$this->config['route']['login']['context']); + } } //Render view - return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0))); + return $this->render( + //Template + $this->config['recover']['view']['name'], + //Context + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['recover']['view']['context'] + ); } - public function recoverMailAction(Request $request, UserPasswordEncoderInterface $encoder, Slugger $slugger, $mail, $hash) { - //Get mail template - $mailTemplate = $this->container->getParameter(($alias = $this->getAlias()).'.recover_mail.mail_template'); - //Get mail context - $mailContext = $this->container->getParameter($alias.'.recover_mail.mail_context'); - //Get template - $template = $this->container->getParameter($alias.'.recover_mail.template'); - //Get context - $context = $this->container->getParameter($alias.'.recover_mail.context'); - //Get url name - $urlName = $this->container->getParameter($alias.'.recover_mail.url_name'); - //Get url args - $urlArgs = $this->container->getParameter($alias.'.recover_mail.url_args'); - //Get home name - $homeName = $this->container->getParameter($alias.'.contact.home_name'); - //Get home args - $homeArgs = $this->container->getParameter($alias.'.contact.home_args'); - //Get contact name - $contactName = $this->container->getParameter($alias.'.contact.name'); - //Get contact mail - $contactMail = $this->container->getParameter($alias.'.contact.mail'); - //Get class user - $classUser = $this->container->getParameter($alias.'.class.user'); - - //Create the form according to the FormType created previously. - //And give the proper parameters - $form = $this->createForm('Rapsys\UserBundle\Form\RecoverMailType', null, array( - // To set the action use $this->generateUrl('route_identifier') - 'action' => $this->generateUrl('rapsys_user_recover_mail', array('mail' => $mail, 'hash' => $hash)), - 'method' => 'POST' - )); + /** + * Register an account + * + * @param Request $request The request + * @param ?string $hash The hashed serialized field array + * @param ?string $field The serialized then shorted form field array + * @param ?string $mail The shorted mail address + * @return Response The response + */ + public function register(Request $request, ?string $hash, ?string $field, ?string $mail): Response { + //With mail + if (!empty($_POST['register']['mail'])) { + //Log new user infos + $this->logger->emergency( + $this->translator->trans( + 'register: mail=%mail% locale=%locale% confirm=%confirm%', + [ + '%mail%' => $postMail = $_POST['register']['mail'], + '%locale%' => $request->getLocale(), + '%confirm%' => $this->router->generate( + $this->config['route']['confirm']['name'], + //Prepend subscribe context with tag + [ + 'mail' => $postSmail = $this->slugger->short($postMail), + 'hash' => $this->slugger->hash($postSmail) + ]+$this->config['route']['confirm']['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ) + ] + ) + ); + } - //Get doctrine - $doctrine = $this->getDoctrine(); + //With mail and field + if (!empty($field) && !empty($hash)) { + //With invalid hash + if ($hash != $this->slugger->hash($mail.$field)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } - //Get translator - $trans = $this->get('translator'); + //With mail + if (!empty($mail)) { + //Get mail + $mail = $this->slugger->unshort($smail = $mail); - //Init not found - $notfound = 1; + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); + } - //Retrieve user - if (($user = $doctrine->getRepository($classUser)->findOneByMail($slugger->unshort($mail))) && $hash == $slugger->hash($user->getPassword())) { - //User was found - $notfound = 0; + //With existing registrant + if ($existing = $this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) { + //With disabled existing + if ($existing->isDisabled()) { + //Render view + $response = $this->render( + //Template + $this->config['register']['view']['name'], + //Context + ['title' => $this->translator->trans('Access denied'), 'disabled' => 1]+$this->config['register']['view']['context'] + ); - if ($request->isMethod('POST')) { - // Refill the fields in case the form is not valid. - $form->handleRequest($request); + //Set 403 + $response->setStatusCode(403); + + //Return response + return $response; + //With unactivated existing + } elseif (!$existing->isActivated()) { + //Set mail shortcut + $activateMail =& $this->config['register']['mail']; + + //Generate each route route + foreach($this->config['register']['route'] as $route => $tag) { + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for confirm url + if ($route == 'confirm') { + //Set the url in context + $activateMail['context'][$tag] = $this->router->generate( + $this->config['route'][$route]['name'], + //Prepend subscribe context with tag + [ + 'mail' => $smail = $this->slugger->short($existing->getMail()), + 'hash' => $this->slugger->hash($smail) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } + } + } + + //Set recipient_name + $activateMail['context']['recipient_mail'] = $existing->getMail(); + + //Set recipient name + $activateMail['context']['recipient_name'] = $existing->getRecipientName(); + + //Init subject context + $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $activateMail['context']), null, '.', '%', '%'); + + //Translate subject + $activateMail['subject'] = ucfirst($this->translator->trans($activateMail['subject'], $subjectContext)); + + //Create message + $message = (new TemplatedEmail()) + //Set sender + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) + //Set recipient + //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 + ->to(new Address($activateMail['context']['recipient_mail'], $activateMail['context']['recipient_name'])) + //Set subject + ->subject($activateMail['subject']) + + //Set path to twig templates + ->htmlTemplate($activateMail['html']) + ->textTemplate($activateMail['text']) + + //Set context + ->context(['subject' => $activateMail['subject']]+$activateMail['context']); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $this->mailer->send($message); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $this->addFlash('error', $this->translator->trans('Account %mail% tried activate but unable to contact', ['%mail%' => $existing->getMail()])); + } + + //Get route params + $routeParams = $request->get('_route_params'); + + //Remove mail, field and hash from route params + unset($routeParams['mail'], $routeParams['field'], $routeParams['hash']); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$routeParams); + } - if ($form->isValid()) { - //Set data - $data = $form->getData(); + //Add error message mail already exists + $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $existing->getMail()])); + + //Redirect to user view + return $this->redirectToRoute( + $this->config['route']['edit']['name'], + [ + 'mail' => $smail = $this->slugger->short($existing->getMail()), + 'hash' => $this->slugger->hash($smail) + ]+$this->config['route']['edit']['context'] + ); + } + //Without mail + } else { + //Set smail + $smail = $mail; + } - //Translate title - $mailContext['title'] = $trans->trans($mailContext['title']); + //Try + try { + //Unshort then unserialize field + $field = $this->slugger->unserialize($sfield = $field); + //Catch type error + } catch (\Error|\Exception $e) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field]), $e); + } - //Translate title - $mailContext['subtitle'] = $trans->trans($mailContext['subtitle'], array('%name%' => $user->getForename().' '.$user->getSurname().' ('.$user->getPseudonym().')')); + //With non array field + if (!is_array($field)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'field', '%value%' => $field])); + } + //Without field and hash + } else { + //Set smail + $smail = $mail; - //Translate subject - $mailContext['subject'] = $trans->trans($mailContext['subject'], array('%title%' => $mailContext['title'])); + //Set smail + $sfield = $field; - //Set user password - $user->setPassword($encoder->encodePassword($user, $data['password'])); + //Reset field + $field = []; + } - //Translate message - $mailContext['raw'] = $trans->trans($mailContext['raw'], array('%title%' => $mailContext['title'], '%url%' => $this->get('router')->generate($urlName, $urlArgs+array('mail' => $slugger->short($user->getMail()), 'hash' => $slugger->hash($user->getPassword())), UrlGeneratorInterface::ABSOLUTE_URL))); + //Init reflection + $reflection = new \ReflectionClass($this->config['class']['user']); + + //Create new user + $user = $reflection->newInstance(strval($mail)); + + //Create the RegisterType form and give the proper parameters + $form = $this->createForm($this->config['register']['view']['form'], $user, $field+[ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield, 'hash' => $hash]+$this->config['route']['register']['context']), + //Set civility class + 'civility_class' => $this->config['class']['civility'], + //Set civility default + 'civility_default' => $this->doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //With mail + 'mail' => true, + //Set method + 'method' => 'POST' + ]+$this->config['register']['field']); - //Get manager - $manager = $doctrine->getManager(); + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $form->handleRequest($request); - //Persist user - $manager->persist($user); + //With form submitted and valid + if ($form->isSubmitted() && $form->isValid()) { + //Set data + $data = $form->getData(); + //With existing registrant + if ($this->doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail = $data->getMail())) { + //Add error message mail already exists + $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); + + //Redirect to user view + return $this->redirectToRoute( + $this->config['route']['edit']['name'], + [ + 'mail' => $smail = $this->slugger->short($mail), + 'hash' => $this->slugger->hash($smail) + ]+$this->config['route']['edit']['context'] + ); + } + + //Set mail shortcut + $registerMail =& $this->config['register']['mail']; + + //Set password + $user->setPassword($this->hasher->hashPassword($user, $user->getPassword())); + + //Persist user + $this->manager->persist($user); + + //Iterate on default group + foreach($this->config['default']['group'] as $i => $groupTitle) { + //Fetch group + if (($group = $this->doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) { + //Set default group + //XXX: see vendor/symfony/security-core/Role/Role.php + $user->addGroup($group); + //Group not found + } else { + //Throw exception + //XXX: consider missing group as fatal + throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle)); + } + } + + //Generate each route route + foreach($this->config['register']['route'] as $route => $tag) { + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for confirm url + if ($route == 'confirm') { + //Set the url in context + $registerMail['context'][$tag] = $this->router->generate( + $this->config['route'][$route]['name'], + //Prepend subscribe context with tag + [ + 'mail' => $smail = $this->slugger->short($data->getMail()), + 'hash' => $this->slugger->hash($smail) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } + } + } + + //Set recipient_name + $registerMail['context']['recipient_mail'] = $data->getMail(); + + //Set recipient name + $registerMail['context']['recipient_name'] = $data->getRecipientName(); + + //Init subject context + $subjectContext = $this->slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%'); + + //Translate subject + $registerMail['subject'] = ucfirst($this->translator->trans($registerMail['subject'], $subjectContext)); + + //Create message + $message = (new TemplatedEmail()) + //Set sender + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) + //Set recipient + //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 + ->to(new Address($registerMail['context']['recipient_mail'], $registerMail['context']['recipient_name'])) + //Set subject + ->subject($registerMail['subject']) + + //Set path to twig templates + ->htmlTemplate($registerMail['html']) + ->textTemplate($registerMail['text']) + + //Set context + ->context(['subject' => $registerMail['subject']]+$registerMail['context']); + + //Try saving in database + try { //Send to database - $manager->flush(); - - //Create message - $message = \Swift_Message::newInstance() - ->setSubject($mailContext['subject']) - ->setFrom(array($contactMail => $contactName)) - ->setTo(array($user->getMail() => $user->getForename().' '.$user->getSurname())) - ->setBody(strip_tags($mailContext['raw'])) - ->addPart( - $this->renderView( - $mailTemplate, - $mailContext+array( - 'home' => $this->get('router')->generate($homeName, $homeArgs, UrlGeneratorInterface::ABSOLUTE_URL) - ) - ), - 'text/html' - ); + $this->manager->flush(); - //Send message - if ($this->get('mailer')->send($message)) { - //Redirect to cleanup the form - return $this->redirectToRoute('rapsys_user_recover_mail', array('mail' => $mail, 'hash' => $hash, 'sent' => 1)); + //Add error message mail already exists + $this->addFlash('notice', $this->translator->trans('Your account has been created')); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $this->mailer->send($message); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', ['%mail%' => $data->getMail()]))); } + //Catch double subscription + } catch (UniqueConstraintViolationException $e) { + //Add error message mail already exists + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); } } } //Render view - return $this->render($template, $context+array('form' => $form->createView(), 'sent' => $request->query->get('sent', 0), 'notfound' => $notfound)); - } - - /** - * {@inheritdoc} - */ - public function getAlias() { - return 'rapsys_user'; + return $this->render( + //Template + $this->config['register']['view']['name'], + //Context + ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['register']['view']['context'] + ); } }