X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/ff811180315cd026ece71c33fbf90b8dea2f8e51..436b8a2b29c4df2d84bacfe2acf0545fefd55346:/Controller/DefaultController.php diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php index 7e16358..5c3c51c 100644 --- a/Controller/DefaultController.php +++ b/Controller/DefaultController.php @@ -1,14 +1,26 @@ - + * + * For the full copyright and license information, please view the LICENSE + * file that was distributed with this source code. + */ namespace Rapsys\UserBundle\Controller; +use Doctrine\Bundle\DoctrineBundle\Registry; +use Doctrine\ORM\EntityManagerInterface; +use Psr\Log\LoggerInterface; use Symfony\Bridge\Twig\Mime\TemplatedEmail; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\DependencyInjection\ContainerInterface; -use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Form\FormError; -use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Mailer\Exception\TransportExceptionInterface; use Symfony\Component\Mailer\MailerInterface; use Symfony\Component\Mime\Address; @@ -17,9 +29,9 @@ use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface; use Symfony\Component\Security\Http\Authentication\AuthenticationUtils; use Symfony\Component\Translation\TranslatorInterface; -use Psr\Log\LoggerInterface; use Rapsys\PackBundle\Util\SluggerUtil; +use Rapsys\UserBundle\RapsysUserBundle; class DefaultController extends AbstractController { //Config array @@ -39,7 +51,7 @@ class DefaultController extends AbstractController { */ public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) { //Retrieve config - $this->config = $container->getParameter($this->getAlias()); + $this->config = $container->getParameter(self::getAlias()); //Set the translator $this->translator = $translator; @@ -222,20 +234,18 @@ class DefaultController extends AbstractController { * Confirm account from mail link * * @param Request $request The request + * @param Registry $manager The doctrine registry * @param UserPasswordEncoderInterface $encoder The password encoder + * @param EntityManagerInterface $manager The doctrine entity manager * @param SluggerUtil $slugger The slugger * @param MailerInterface $mailer The mailer * @param string $mail The shorted mail address - * @param string $extra The serialized then shorted extra array * @param string $hash The hashed password * @return Response The response */ - public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) { - //Get doctrine - $doctrine = $this->getDoctrine(); - + public function confirm(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $hash): Response { //With invalid hash - if ($hash != $slugger->hash($mail.$extra)) { + if ($hash != $slugger->hash($mail)) { //Throw bad request throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); } @@ -246,159 +256,92 @@ class DefaultController extends AbstractController { //Without valid mail if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { //Throw bad request - throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail])); + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); } - //With existing subscriber - if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) { + //Without existing registrant + if (!($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { //Add error message mail already exists - $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); - - //Redirect to user view - return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); - } - - //Get extra - $extra = $slugger->unserialize($sextra = $extra); - - //Without valid extra - if (!is_array($extra)) { - //Throw bad request - throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra])); - } - - //Extract names and pseudonym from mail - $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail)))))); - - //Get manager - $manager = $doctrine->getManager(); - - //Init reflection - $reflection = new \ReflectionClass($this->config['class']['user']); - - //Create new user - $user = $reflection->newInstance(); - - //Set mail - $user->setMail($mail); - - //Set default value - $default = [ - 'civility(title)' => $this->config['default']['civility'], - 'pseudonym' => $pseudonym, - 'forename' => $names[0]??$pseudonym, - 'surname' => $names[1]??$pseudonym, - 'password' => $encoder->encodePassword($user, $mail), - 'active' => true - ]; - - //Iterate on each default value - //TODO: store add/set action between [] ??? - foreach($extra+$default as $key => $value) { - //Set member - $member = $key; - - //With title entity - if (substr($key, -strlen('(title)')) === '(title)') { - //Remove field info - $member = substr($member, 0, -strlen('(title)')); - - //Get object as value - $value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value); - //With id entity - } elseif (substr($key, -strlen('(id)')) === '(id)') { - //Remove field info - $member = substr($member, 0, -strlen('(id)')); - - //Get object as value - $value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value); - } - - //Set value - $user->{'set'.ucfirst($member)}($value); - - //Unset extra value - unset($extra[$key]); - } + //XXX: prevent slugger reverse engineering by not displaying decoded mail + $this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail])); - //Iterate on default group - foreach($this->config['default']['group'] as $i => $groupTitle) { - //Fetch group - if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) { - //Set default group - //XXX: see vendor/symfony/security-core/Role/Role.php - $user->addGroup($group); - //Group not found - } else { - //Throw exception - //XXX: consider missing group as fatal - throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle)); - } + //Redirect to register view + return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $slugger->serialize([]), 'hash' => $slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']); } - $user->setCreated(new \DateTime('now')); - $user->setUpdated(new \DateTime('now')); + //Set active + $user->setActive(true); //Persist user $manager->persist($user); - //Try saving in database - try { - //Send to database - $manager->flush(); + //Send to database + $manager->flush(); - //Add error message mail already exists - $this->addFlash('notice', $this->translator->trans('Your account has been created')); - //Catch double subscription - } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) { - //Add error message mail already exists - $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); - } + //Add error message mail already exists + $this->addFlash('notice', $this->translator->trans('Your account has been activated')); //Redirect to user view - return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']); } /** * Edit account by shorted mail * * @param Request $request The request + * @param Registry $manager The doctrine registry + * @param UserPasswordEncoderInterface $encoder The password encoder + * @param EntityManagerInterface $manager The doctrine entity manager * @param SluggerUtil $slugger The slugger * @param string $mail The shorted mail address + * @param string $hash The hashed password * @return Response The response */ - public function edit(Request $request, SluggerUtil $slugger, $mail) { - //Get doctrine - $doctrine = $this->getDoctrine(); + public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response { + //With invalid hash + if ($hash != $slugger->hash($mail)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } //Get mail $mail = $slugger->unshort($smail = $mail); //With existing subscriber if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) { - var_dump($mail); //Throw not found //XXX: prevent slugger reverse engineering by not displaying decoded mail throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail])); } - //Get user token - $token = new UsernamePasswordToken($user, null, 'none', $user->getRoles()); - - //Check if guest - $isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']); - //Prevent access when not admin, user is not guest and not currently logged user - if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) { + if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) { //Throw access denied //XXX: prevent slugger reverse engineering by not displaying decoded mail throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail])); } //Create the RegisterType form and give the proper parameters - $form = $this->createForm($this->config['register']['view']['form'], $user, [ + $editForm = $this->createForm($this->config['register']['view']['form'], $user, [ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']), + //Set civility class + 'civility_class' => $this->config['class']['civility'], + //Set civility default + 'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']), + //Disable mail + 'mail' => $this->isGranted('ROLE_ADMIN'), + //Disable password + 'password' => false, + //Set method + 'method' => 'POST' + ]); + + //Create the RegisterType form and give the proper parameters + $edit = $this->createForm($this->config['edit']['view']['edit'], $user, [ //Set action to register route name and context - 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']), + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']), //Set civility class 'civility_class' => $this->config['class']['civility'], //Set civility default @@ -406,22 +349,68 @@ class DefaultController extends AbstractController { //Disable mail 'mail' => $this->isGranted('ROLE_ADMIN'), //Disable password - //XXX: prefer a reset on login to force user unspam action 'password' => false, //Set method 'method' => 'POST' ]); + //With admin role + if ($this->isGranted('ROLE_ADMIN')) { + //Create the LoginType form and give the proper parameters + $reset = $this->createForm($this->config['edit']['view']['reset'], $user, [ + //Set action to register route name and context + 'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']), + //Disable mail + 'mail' => false, + //Set method + 'method' => 'POST' + ]); + + //With post method + if ($request->isMethod('POST')) { + //Refill the fields in case the form is not valid. + $reset->handleRequest($request); + + //With reset submitted and valid + if ($reset->isSubmitted() && $reset->isValid()) { + //Set data + $data = $reset->getData(); + + //Set password + $data->setPassword($encoder->encodePassword($data, $data->getPassword())); + + //Queue snippet save + $manager->persist($data); + + //Flush to get the ids + $manager->flush(); + + //Add notice + $this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()])); + + //Redirect to cleanup the form + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']); + } + } + + //Add reset view + $this->config['edit']['view']['context']['reset'] = $reset->createView(); + //Without admin role + //XXX: prefer a reset on login to force user unspam action + } else { + //Add notice + $this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure')); + } + + //With post method if ($request->isMethod('POST')) { //Refill the fields in case the form is not valid. - $form->handleRequest($request); + $edit->handleRequest($request); - if ($form->isValid()) { + //With edit submitted and valid + if ($edit->isSubmitted() && $edit->isValid()) { //Set data - $data = $form->getData(); - - //Get manager - $manager = $doctrine->getManager(); + $data = $edit->getData(); //Queue snippet save $manager->persist($data); @@ -430,18 +419,11 @@ class DefaultController extends AbstractController { $manager->flush(); //Add notice - $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail])); - - //Redirect to user view - //TODO: extract referer ??? or useless ??? - return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']); + $this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()])); //Redirect to cleanup the form - return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]); + return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']); } - } else { - //Add notice - $this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail])); } //Render view @@ -449,7 +431,7 @@ class DefaultController extends AbstractController { //Template $this->config['edit']['view']['name'], //Context - ['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context'] + ['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context'] ); } @@ -458,21 +440,47 @@ class DefaultController extends AbstractController { * * @param Request $request The request * @param AuthenticationUtils $authenticationUtils The authentication utils + * @param RouterInterface $router The router instance + * @param SluggerUtil $slugger The slugger + * @param string $mail The shorted mail address + * @param string $hash The hashed password * @return Response The response */ - public function login(Request $request, AuthenticationUtils $authenticationUtils) { + public function login(Request $request, AuthenticationUtils $authenticationUtils, RouterInterface $router, SluggerUtil $slugger, $mail, $hash): Response { //Create the LoginType form and give the proper parameters $login = $this->createForm($this->config['login']['view']['form'], null, [ //Set action to login route name and context 'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']), + //Disable repeated password + 'password_repeated' => false, + //Set method 'method' => 'POST' ]); //Init context $context = []; + //With mail + if (!empty($mail) && !empty($hash)) { + //With invalid hash + if ($hash != $slugger->hash($mail)) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); + } + + //Get mail + $mail = $slugger->unshort($smail = $mail); + + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); + } + + //Prefilled mail + $login->get('mail')->setData($mail); //Last username entered by the user - if ($lastUsername = $authenticationUtils->getLastUsername()) { + } elseif ($lastUsername = $authenticationUtils->getLastUsername()) { $login->get('mail')->setData($lastUsername); } @@ -484,7 +492,7 @@ class DefaultController extends AbstractController { //Add error message to mail field $login->get('mail')->addError(new FormError($error)); - //Create the RecoverType form and give the proper parameters + //Create the LoginType form and give the proper parameters $recover = $this->createForm($this->config['recover']['view']['form'], null, [ //Set action to recover route name and context 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), @@ -521,7 +529,9 @@ class DefaultController extends AbstractController { * Recover account * * @param Request $request The request + * @param Registry $manager The doctrine registry * @param UserPasswordEncoderInterface $encoder The password encoder + * @param EntityManagerInterface $manager The doctrine entity manager * @param SluggerUtil $slugger The slugger * @param MailerInterface $mailer The mailer * @param string $mail The shorted mail address @@ -529,13 +539,10 @@ class DefaultController extends AbstractController { * @param string $hash The hashed password * @return Response The response */ - public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) { - //Get doctrine - $doctrine = $this->getDoctrine(); - + public function recover(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash): Response { //Without mail, pass and hash if (empty($mail) && empty($pass) && empty($hash)) { - //Create the RecoverType form and give the proper parameters + //Create the LoginType form and give the proper parameters $form = $this->createForm($this->config['recover']['view']['form'], null, [ //Set action to recover route name and context 'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']), @@ -658,7 +665,8 @@ class DefaultController extends AbstractController { //Without valid mail if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { //Throw bad request - throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail])); + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); } //With existing subscriber @@ -675,7 +683,7 @@ class DefaultController extends AbstractController { throw $this->createNotFoundException($this->translator->trans('Outdated recover link')); } - //Create the RecoverType form and give the proper parameters + //Create the LoginType form and give the proper parameters $form = $this->createForm($this->config['recover']['view']['form'], $user, [ //Set action to recover route name and context 'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']), @@ -702,12 +710,6 @@ class DefaultController extends AbstractController { //Set user password $user->setPassword($encoded); - //Set updated - $user->setUpdated(new \DateTime('now')); - - //Get manager - $manager = $doctrine->getManager(); - //Persist user $manager->persist($user); @@ -735,30 +737,158 @@ class DefaultController extends AbstractController { * Register an account * * @param Request $request The request + * @param Registry $manager The doctrine registry * @param UserPasswordEncoderInterface $encoder The password encoder + * @param EntityManagerInterface $manager The doctrine entity manager * @param SluggerUtil $slugger The slugger * @param MailerInterface $mailer The mailer * @param LoggerInterface $logger The logger + * @param string $mail The shorted mail address * @param string $field The serialized then shorted form field array * @param string $hash The hashed serialized field array * @return Response The response */ - public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) { - //Get doctrine - $doctrine = $this->getDoctrine(); + public function register(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $mail, $field, $hash): Response { + //Init reflection + $reflection = new \ReflectionClass($this->config['class']['user']); + + //Create new user + $user = $reflection->newInstance(); - //With field + //With mail and field if (!empty($field) && !empty($hash)) { //With invalid hash - if ($hash != $slugger->hash($field)) { + if ($hash != $slugger->hash($mail.$field)) { //Throw bad request throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash])); } + //With mail + if (!empty($mail)) { + //Get mail + $mail = $slugger->unshort($smail = $mail); + + //Without valid mail + if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) { + //Throw bad request + //XXX: prevent slugger reverse engineering by not displaying decoded mail + throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail])); + } + + //Set mail + $user->setMail($mail); + + //With existing registrant + if ($existing = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) { + //With disabled existing + if ($existing->isDisabled()) { + //Render view + return $this->render( + //Template + $this->config['register']['view']['name'], + //Context + ['title' => $this->translator->trans('Access denied'), 'disabled' => 1]+$this->config['register']['view']['context'], + //Set 403 + new Response('', 403) + ); + //With unactivated existing + } elseif (!$existing->isActivated()) { + //Set mail shortcut + //TODO: change for activate ??? + $activateMail =& $this->config['register']['mail']; + + //Generate each route route + foreach($this->config['register']['route'] as $route => $tag) { + //Only process defined routes + if (!empty($this->config['route'][$route])) { + //Process for confirm url + if ($route == 'confirm') { + //Set the url in context + $activateMail['context'][$tag] = $this->get('router')->generate( + $this->config['route'][$route]['name'], + //Prepend subscribe context with tag + [ + 'mail' => $smail = $slugger->short($existing->getMail()), + 'hash' => $slugger->hash($smail) + ]+$this->config['route'][$route]['context'], + UrlGeneratorInterface::ABSOLUTE_URL + ); + } + } + } + + //Set recipient_name + $activateMail['context']['recipient_mail'] = $existing->getMail(); + + //Set recipient name + $activateMail['context']['recipient_name'] = implode(' ', [$existing->getForename(), $existing->getSurname(), $existing->getPseudonym()?'('.$existing->getPseudonym().')':'']); + + //Init subject context + $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $activateMail['context']), null, '.', '%', '%'); + + //Translate subject + $activateMail['subject'] = ucfirst($this->translator->trans($activateMail['subject'], $subjectContext)); + + //Create message + $message = (new TemplatedEmail()) + //Set sender + ->from(new Address($this->config['contact']['mail'], $this->config['contact']['title'])) + //Set recipient + //XXX: remove the debug set in vendor/symfony/mime/Address.php +46 + ->to(new Address($activateMail['context']['recipient_mail'], $activateMail['context']['recipient_name'])) + //Set subject + ->subject($activateMail['subject']) + + //Set path to twig templates + ->htmlTemplate($activateMail['html']) + ->textTemplate($activateMail['text']) + + //Set context + ->context(['subject' => $activateMail['subject']]+$activateMail['context']); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $mailer->send($message); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $this->addFlash('error', $this->translator->trans('Account %mail% tried activate but unable to contact', ['%mail%' => $existing->getMail()])); + } + + //Get route params + $routeParams = $request->get('_route_params'); + + //Remove mail, field and hash from route params + unset($routeParams['mail'], $routeParams['field'], $routeParams['hash']); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$routeParams); + } + + //Add error message mail already exists + $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $existing->getMail()])); + + //Redirect to user view + return $this->redirectToRoute( + $this->config['route']['edit']['name'], + [ + 'mail' => $smail = $slugger->short($existing->getMail()), + 'hash' => $slugger->hash($smail) + ]+$this->config['route']['edit']['context'] + ); + } + //Without mail + } else { + //Set smail + $smail = $mail; + } + //Try try { //Unshort then unserialize field - $field = $slugger->unserialize($field); + $field = $slugger->unserialize($sfield = $field); //Catch type error } catch (\Error|\Exception $e) { //Throw bad request @@ -772,14 +902,20 @@ class DefaultController extends AbstractController { } //Without field and hash } else { + //Set smail + $smail = $mail; + + //Set smail + $sfield = $field; + //Reset field $field = []; } //Create the RegisterType form and give the proper parameters - $form = $this->createForm($this->config['register']['view']['form'], null, $field+[ + $form = $this->createForm($this->config['register']['view']['form'], $user, $field+[ //Set action to register route name and context - 'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']), + 'action' => $this->generateUrl($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield, 'hash' => $hash]+$this->config['route']['register']['context']), //Set civility class 'civility_class' => $this->config['class']['civility'], //Set civility default @@ -798,44 +934,62 @@ class DefaultController extends AbstractController { //Set data $data = $form->getData(); + //With existing registrant + if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail = $data->getMail())) { + //Add error message mail already exists + $this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); + + //Redirect to user view + return $this->redirectToRoute( + $this->config['route']['edit']['name'], + [ + 'mail' => $smail = $slugger->short($mail), + 'hash' => $slugger->hash($smail) + ]+$this->config['route']['edit']['context'] + ); + } + //Set mail shortcut $registerMail =& $this->config['register']['mail']; - //Set extra - $extra = []; - - //Init reflection - $reflection = new \ReflectionClass($this->config['class']['user']); - - //Create new user - $user = $reflection->newInstance(); - - //Iterate on each entry - //TODO: store add/set action between [] ??? - foreach($data as $key => $value) { - //Skip mail - if ($key == 'mail') { - continue; - //Store shorted title - } elseif (is_callable([$value, 'getTitle'])) { - $extra[$key.'(title)'] = $value->getTitle(); - //Store shorted id - } elseif (is_callable([$value, 'getId'])) { - $extra[$key.'(id)'] = $value->getId(); - //Store encoded password - } elseif(!empty($value) && $key == 'password') { - $extra['password'] = $encoder->encodePassword($user, $value); - //Store shorted value - } elseif (!empty($value)) { - $extra[$key] = $value; - } - } + //Extract names and pseudonym from mail + $names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $data->getMail())))))); - //Set mail - $mail = $slugger->short($data['mail']); + //Set pseudonym + $user->setPseudonym($user->getPseudonym()??$pseudonym); + + //Set forename + $user->setForename($user->getForename()??$names[0]); + + //Set surname + $user->setSurname($user->getSurname()??$names[1]??$names[0]); + + //Set password + $user->setPassword($encoder->encodePassword($user, $user->getPassword()??$data->getMail())); + + //Set created + $user->setCreated(new \DateTime('now')); + + //Set updated + $user->setUpdated(new \DateTime('now')); + + //Persist user + $manager->persist($user); - //Set extra - $extra = $slugger->serialize($extra); + //Iterate on default group + foreach($this->config['default']['group'] as $i => $groupTitle) { + //Fetch group + if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) { + //Set default group + //XXX: see vendor/symfony/security-core/Role/Role.php + $user->addGroup($group); + //Group not found + } else { + //Throw exception + //XXX: consider missing group as fatal + throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle)); + } + } //Generate each route route foreach($this->config['register']['route'] as $route => $tag) { @@ -848,9 +1002,8 @@ class DefaultController extends AbstractController { $this->config['route'][$route]['name'], //Prepend subscribe context with tag [ - 'mail' => $mail, - 'extra' => $extra, - 'hash' => $slugger->hash($mail.$extra) + 'mail' => $smail = $slugger->short($data->getMail()), + 'hash' => $slugger->hash($smail) ]+$this->config['route'][$route]['context'], UrlGeneratorInterface::ABSOLUTE_URL ); @@ -858,12 +1011,16 @@ class DefaultController extends AbstractController { } } + //XXX: DEBUG: remove me + //die($registerMail['context']['confirm_url']); + //Log new user infos + //XXX: useless ??? $logger->emergency( $this->translator->trans( 'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%', [ - '%mail%' => $data['mail'], + '%mail%' => $data->getMail(), '%locale%' => $request->getLocale(), '%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']] ] @@ -871,20 +1028,13 @@ class DefaultController extends AbstractController { ); //Set recipient_name - $registerMail['context']['recipient_mail'] = $data['mail']; + $registerMail['context']['recipient_mail'] = $data->getMail(); //Set recipient name $registerMail['context']['recipient_name'] = ''; - //With forename, surname and pseudonym - if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) { - //Set recipient name - $registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']); - //With pseudonym - } elseif (isset($data['pseudonym'])) { - //Set recipient name - $registerMail['context']['recipient_name'] = $data['pseudonym']; - } + //Set recipient name + $registerMail['context']['recipient_name'] = implode(' ', [$data->getForename(), $data->getSurname(), $data->getPseudonym()?'('.$data->getPseudonym().')':'']); //Init subject context $subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%'); @@ -909,18 +1059,31 @@ class DefaultController extends AbstractController { //Set context ->context(['subject' => $registerMail['subject']]+$registerMail['context']); - //Try sending message - //XXX: mail delivery may silently fail + //Try saving in database try { - //Send message - $mailer->send($message); - - //Redirect on the same route with sent=1 to cleanup form - return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); - //Catch obvious transport exception - } catch(TransportExceptionInterface $e) { - //Add error message mail unreachable - $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail'])))); + //Send to database + $manager->flush(); + + //Add error message mail already exists + $this->addFlash('notice', $this->translator->trans('Your account has been created')); + + //Try sending message + //XXX: mail delivery may silently fail + try { + //Send message + $mailer->send($message); + + //Redirect on the same route with sent=1 to cleanup form + return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params')); + //Catch obvious transport exception + } catch(TransportExceptionInterface $e) { + //Add error message mail unreachable + $form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', ['%mail%' => $data->getMail()]))); + } + //Catch double subscription + } catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) { + //Add error message mail already exists + $this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail])); } } } @@ -937,7 +1100,7 @@ class DefaultController extends AbstractController { /** * {@inheritdoc} */ - public function getAlias() { - return 'rapsys_user'; + public function getAlias(): string { + return RapsysUserBundle::getAlias(); } }