X-Git-Url: https://git.rapsys.eu/userbundle/blobdiff_plain/ff811180315cd026ece71c33fbf90b8dea2f8e51..efbfa35585b0cf29d0f6f8b0d47c5ac9218f0ab9:/Controller/DefaultController.php?ds=sidebyside

diff --git a/Controller/DefaultController.php b/Controller/DefaultController.php
index 7e16358..c6ac4be 100644
--- a/Controller/DefaultController.php
+++ b/Controller/DefaultController.php
@@ -1,25 +1,41 @@
-<?php
+<?php declare(strict_types=1);
+
+/*
+ * This file is part of the Rapsys UserBundle package.
+ *
+ * (c) Raphaël Gertz <symfony@rapsys.eu>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
 
 namespace Rapsys\UserBundle\Controller;
 
+use Doctrine\Bundle\DoctrineBundle\Registry;
+use Doctrine\ORM\EntityManagerInterface;
+use Psr\Log\LoggerInterface;
 use Symfony\Bridge\Twig\Mime\TemplatedEmail;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\DependencyInjection\ContainerInterface;
-use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Form\FormError;
-use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Mailer\Exception\TransportExceptionInterface;
 use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
+use Symfony\Component\Routing\Exception\MethodNotAllowedException;
+use Symfony\Component\Routing\Exception\ResourceNotFoundException;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Routing\RequestContext;
 use Symfony\Component\Routing\RouterInterface;
+use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
 use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
 use Symfony\Component\Translation\TranslatorInterface;
-use Psr\Log\LoggerInterface;
 
 use Rapsys\PackBundle\Util\SluggerUtil;
+use Rapsys\UserBundle\RapsysUserBundle;
 
 class DefaultController extends AbstractController {
 	//Config array
@@ -39,7 +55,7 @@ class DefaultController extends AbstractController {
 	 */
 	public function __construct(ContainerInterface $container, RouterInterface $router, TranslatorInterface $translator) {
 		//Retrieve config
-		$this->config = $container->getParameter($this->getAlias());
+		$this->config = $container->getParameter(self::getAlias());
 
 		//Set the translator
 		$this->translator = $translator;
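Review bot: `self::getAlias()` uses static-call syntax on a method that the last hunk of this diff still declares as an instance method (`public function getAlias(): string`). PHP forwards `$this` here, so the call works, but a reader cannot tell whether the method is meant to be static. Either call it as `$this->getAlias()` or declare it `public static function getAlias(): string`. The constructor body continues outside the hunk.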
@@ -222,20 +238,18 @@ class DefaultController extends AbstractController {
 	 * Confirm account from mail link
 	 *
 	 * @param Request $request The request
+	 * @param Registry $manager The doctrine registry
 	 * @param UserPasswordEncoderInterface $encoder The password encoder
+	 * @param EntityManagerInterface $manager The doctrine entity manager
 	 * @param SluggerUtil $slugger The slugger
 	 * @param MailerInterface $mailer The mailer
 	 * @param string $mail The shorted mail address
-	 * @param string $extra The serialized then shorted extra array
 	 * @param string $hash The hashed password
 	 * @return Response The response
 	 */
-	public function confirm(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $extra, $hash) {
-		//Get doctrine
-		$doctrine = $this->getDoctrine();
-
+	public function confirm(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $hash): Response {
 		//With invalid hash
-		if ($hash != $slugger->hash($mail.$extra)) {
+		if ($hash != $slugger->hash($mail)) {
 			//Throw bad request
 			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
 		}
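Review bot: The token check `if ($hash != $slugger->hash($mail))` uses loose `!=`, which compares two numeric-looking strings as numbers and is not constant-time. The same comparison is added in `edit()`, `login()` and `register()`, where it is the check that precedes `$slugger->unserialize()`. Assuming `SluggerUtil::hash()` returns a string, `if (!hash_equals($slugger->hash($mail), (string) $hash)) {` is the safer form. Separately, the docblocks added for `confirm()`, `edit()`, `recover()` and `register()` say `@param Registry $manager` while the parameter is named `$doctrine`; `@param Registry $doctrine The doctrine registry` would match the signatures. The body of `confirm()` continues outside this hunk.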
@@ -246,159 +260,95 @@ class DefaultController extends AbstractController {
 		//Without valid mail
 		if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
 			//Throw bad request
-			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+			//XXX: prevent slugger reverse engineering by not displaying decoded mail
+			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
 		}
 
-		//With existing subscriber
-		if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail)) {
+		//Without existing registrant
+		if (!($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
 			//Add error message mail already exists
-			$this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
-
-			//Redirect to user view
-			return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
-		}
-
-		//Get extra
-		$extra = $slugger->unserialize($sextra = $extra);
-
-		//Without valid extra
-		if (!is_array($extra)) {
-			//Throw bad request
-			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'extra', '%value%' => $sextra]));
-		}
-
-		//Extract names and pseudonym from mail
-		$names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $mail))))));
-
-		//Get manager
-		$manager = $doctrine->getManager();
-
-		//Init reflection
-		$reflection = new \ReflectionClass($this->config['class']['user']);
-
-		//Create new user
-		$user = $reflection->newInstance();
-
-		//Set mail
-		$user->setMail($mail);
-
-		//Set default value
-		$default = [
-			'civility(title)' => $this->config['default']['civility'],
-			'pseudonym' => $pseudonym,
-			'forename' => $names[0]??$pseudonym,
-			'surname' => $names[1]??$pseudonym,
-			'password' => $encoder->encodePassword($user, $mail),
-			'active' => true
-		];
-
-		//Iterate on each default value
-		//TODO: store add/set action between [] ???
-		foreach($extra+$default as $key => $value) {
-			//Set member
-			$member = $key;
-
-			//With title entity
-			if (substr($key, -strlen('(title)')) === '(title)') {
-				//Remove field info
-				$member = substr($member, 0, -strlen('(title)'));
-
-				//Get object as value
-				$value = $doctrine->getRepository($this->config['class'][$member])->findOneByTitle($value);
-			//With id entity
-			} elseif (substr($key, -strlen('(id)')) === '(id)') {
-				//Remove field info
-				$member = substr($member, 0, -strlen('(id)'));
-
-				//Get object as value
-				$value = $doctrine->getRepository($this->config['class'][$key])->findOneById($value);
-			}
-
-			//Set value
-			$user->{'set'.ucfirst($member)}($value);
+			//XXX: prevent slugger reverse engineering by not displaying decoded mail
+			$this->addFlash('error', $this->translator->trans('Account %mail% do not exists', ['%mail%' => $smail]));
 
-			//Unset extra value
-			unset($extra[$key]);
+			//Redirect to register view
+			return $this->redirectToRoute($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield = $slugger->serialize([]), 'hash' => $slugger->hash($smail.$sfield)]+$this->config['route']['register']['context']);
 		}
 
-		//Iterate on default group
-		foreach($this->config['default']['group'] as $i => $groupTitle) {
-			//Fetch group
-			if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
-				//Set default group
-				//XXX: see vendor/symfony/security-core/Role/Role.php
-				$user->addGroup($group);
-			//Group not found
-			} else {
-				//Throw exception
-				//XXX: consider missing group as fatal
-				throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
-			}
-		}
+		//Set active
+		$user->setActive(true);
 
-		$user->setCreated(new \DateTime('now'));
+		//Set updated
 		$user->setUpdated(new \DateTime('now'));
 
 		//Persist user
 		$manager->persist($user);
 
-		//Try saving in database
-		try {
-			//Send to database
-			$manager->flush();
+		//Send to database
+		$manager->flush();
 
-			//Add error message mail already exists
-			$this->addFlash('notice', $this->translator->trans('Your account has been created'));
-		//Catch double subscription
-		} catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
-			//Add error message mail already exists
-			$this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
-		}
+		//Add error message mail already exists
+		$this->addFlash('notice', $this->translator->trans('Your account has been activated'));
 
 		//Redirect to user view
-		return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+		return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
 	}
 
 	/**
 	 * Edit account by shorted mail
 	 *
 	 * @param Request $request The request
+	 * @param Registry $manager The doctrine registry
+	 * @param UserPasswordEncoderInterface $encoder The password encoder
+	 * @param EntityManagerInterface $manager The doctrine entity manager
 	 * @param SluggerUtil $slugger The slugger
 	 * @param string $mail The shorted mail address
+	 * @param string $hash The hashed password
 	 * @return Response The response
 	 */
-	public function edit(Request $request, SluggerUtil $slugger, $mail) {
-		//Get doctrine
-		$doctrine = $this->getDoctrine();
+	public function edit(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, $mail, $hash): Response {
+		//With invalid hash
+		if ($hash != $slugger->hash($mail)) {
+			//Throw bad request
+			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+		}
 
 		//Get mail
 		$mail = $slugger->unshort($smail = $mail);
 
 		//With existing subscriber
 		if (empty($user = $doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail))) {
-			var_dump($mail);
 			//Throw not found
 			//XXX: prevent slugger reverse engineering by not displaying decoded mail
 			throw $this->createNotFoundException($this->translator->trans('Unable to find account %mail%', ['%mail%' => $smail]));
 		}
 
-		//Get user token
-		$token = new UsernamePasswordToken($user, null, 'none', $user->getRoles());
-
-		//Check if guest
-		$isGuest = $this->get('rapsys_user.access_decision_manager')->decide($token, ['ROLE_GUEST']);
-
 		//Prevent access when not admin, user is not guest and not currently logged user
-		if (!$this->isGranted('ROLE_ADMIN') && empty($isGuest) && $user != $this->getUser()) {
+		if (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser() || !$this->isGranted('IS_AUTHENTICATED_FULLY')) {
 			//Throw access denied
 			//XXX: prevent slugger reverse engineering by not displaying decoded mail
 			throw $this->createAccessDeniedException($this->translator->trans('Unable to access user: %mail%', ['%mail%' => $smail]));
 		}
 
 		//Create the RegisterType form and give the proper parameters
-		$form = $this->createForm($this->config['register']['view']['form'], $user, [
+		$editForm = $this->createForm($this->config['register']['view']['form'], $user, [
+			//Set action to register route name and context
+			'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+			//Set civility class
+			'civility_class' => $this->config['class']['civility'],
+			//Set civility default
+			'civility_default' => $doctrine->getRepository($this->config['class']['civility'])->findOneByTitle($this->config['default']['civility']),
+			//Disable mail
+			'mail' => $this->isGranted('ROLE_ADMIN'),
+			//Disable password
+			'password' => false,
+			//Set method
+			'method' => 'POST'
+		]);
+
+		//Create the RegisterType form and give the proper parameters
+		$edit = $this->createForm($this->config['edit']['view']['edit'], $user, [
 			//Set action to register route name and context
-			'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']),
+			'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
 			//Set civility class
 			'civility_class' => $this->config['class']['civility'],
 			//Set civility default
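Review bot: The access check in `edit()` mixes `&&` and `||` without parentheses, so a reader has to recall operator precedence to see that it denies a caller who is neither admin nor the account owner, or who is not fully authenticated. Writing it as `if (!$this->isGranted('IS_AUTHENTICATED_FULLY') || (!$this->isGranted('ROLE_ADMIN') && $user != $this->getUser())) {` keeps the behaviour and makes the intent explicit. The comment above it still mentions the guest case this commit removes and could read `//Deny unless fully authenticated and either admin or the account owner`. `$editForm` is built from the register form, including a civility repository lookup, but is not referenced again in the visible hunks, so it looks like leftover code. `edit()` continues past the end of this hunk.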
@@ -406,22 +356,74 @@ class DefaultController extends AbstractController {
 			//Disable mail
 			'mail' => $this->isGranted('ROLE_ADMIN'),
 			//Disable password
-			//XXX: prefer a reset on login to force user unspam action
 			'password' => false,
 			//Set method
 			'method' => 'POST'
 		]);
 
+		//With admin role
+		if ($this->isGranted('ROLE_ADMIN')) {
+			//Create the LoginType form and give the proper parameters
+			$reset = $this->createForm($this->config['edit']['view']['reset'], $user, [
+				//Set action to register route name and context
+				'action' => $this->generateUrl($this->config['route']['edit']['name'], ['mail' => $smail, 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']),
+				//Disable mail
+				'mail' => false,
+				//Set method
+				'method' => 'POST'
+			]);
+
+			//With post method
+			if ($request->isMethod('POST')) {
+				//Refill the fields in case the form is not valid.
+				$reset->handleRequest($request);
+
+				//With reset submitted and valid
+				if ($reset->isSubmitted() && $reset->isValid()) {
+					//Set data
+					$data = $reset->getData();
+
+					//Set password
+					$data->setPassword($encoder->encodePassword($data, $data->getPassword()));
+
+					//Set updated
+					$data->setUpdated(new \DateTime('now'));
+
+					//Queue snippet save
+					$manager->persist($data);
+
+					//Flush to get the ids
+					$manager->flush();
+
+					//Add notice
+					$this->addFlash('notice', $this->translator->trans('Account %mail% password updated', ['%mail%' => $mail = $data->getMail()]));
+
+					//Redirect to cleanup the form
+					return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
+				}
+			}
+
+			//Add reset view
+			$this->config['edit']['view']['context']['reset'] = $reset->createView();
+		//Without admin role
+		//XXX: prefer a reset on login to force user unspam action
+		} else {
+			//Add notice
+			$this->addFlash('notice', $this->translator->trans('To change your password login with your mail and any password then follow the procedure'));
+		}
+
+		//With post method
 		if ($request->isMethod('POST')) {
 			//Refill the fields in case the form is not valid.
-			$form->handleRequest($request);
+			$edit->handleRequest($request);
 
-			if ($form->isValid()) {
+			//With edit submitted and valid
+			if ($edit->isSubmitted() && $edit->isValid()) {
 				//Set data
-				$data = $form->getData();
+				$data = $edit->getData();
 
-				//Get manager
-				$manager = $doctrine->getManager();
+				//Set updated
+				$data->setUpdated(new \DateTime('now'));
 
 				//Queue snippet save
 				$manager->persist($data);
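Review bot: The admin reset form is bound to the managed `$user` entity and the new password is read back with `$data->getPassword()`, so `handleRequest()` writes the submitted plaintext into the entity's password property before it is encoded. The `$edit` block that follows persists and flushes the same object, so keeping plaintext out of the database relies on the two forms never being submitted in one request, which the hunk does not show. An unmapped field on the reset form, read with `$reset->get('password')->getData()` (field name assumed), would keep plaintext off the entity. The comments `//Queue snippet save` and `//Flush to get the ids` in the reset branch are copied from elsewhere and could read `//Persist user` and `//Send to database`. The POST handling block continues outside the hunk.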
@@ -430,18 +432,11 @@ class DefaultController extends AbstractController {
 				$manager->flush();
 
 				//Add notice
-				$this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail]));
-
-				//Redirect to user view
-				//TODO: extract referer ??? or useless ???
-				return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail]+$this->config['route']['edit']['context']);
+				$this->addFlash('notice', $this->translator->trans('Account %mail% updated', ['%mail%' => $mail = $data->getMail()]));
 
 				//Redirect to cleanup the form
-				return $this->redirectToRoute('rapsys_air', ['user' => $data->getId()]);
+				return $this->redirectToRoute($this->config['route']['edit']['name'], ['mail' => $smail = $slugger->short($mail), 'hash' => $slugger->hash($smail)]+$this->config['route']['edit']['context']);
 			}
-		} else {
-			//Add notice
-			$this->addFlash('notice', $this->translator->trans('To change your password login with your mail %mail% and any password then follow the procedure', ['%mail%' => $mail]));
 		}
 
 		//Render view
@@ -449,7 +444,7 @@ class DefaultController extends AbstractController {
 			//Template
 			$this->config['edit']['view']['name'],
 			//Context
-			['form' => $form->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
+			['edit' => $edit->createView(), 'sent' => $request->query->get('sent', 0)]+$this->config['edit']['view']['context']
 		);
 	}
 
@@ -458,21 +453,47 @@ class DefaultController extends AbstractController {
 	 *
 	 * @param Request $request The request
 	 * @param AuthenticationUtils $authenticationUtils The authentication utils
+	 * @param RouterInterface $router The router instance
+	 * @param SluggerUtil $slugger The slugger
+	 * @param string $mail The shorted mail address
+	 * @param string $hash The hashed password
 	 * @return Response The response
 	 */
-	public function login(Request $request, AuthenticationUtils $authenticationUtils) {
+	public function login(Request $request, AuthenticationUtils $authenticationUtils, RouterInterface $router, SluggerUtil $slugger, $mail, $hash): Response {
 		//Create the LoginType form and give the proper parameters
 		$login = $this->createForm($this->config['login']['view']['form'], null, [
 			//Set action to login route name and context
 			'action' => $this->generateUrl($this->config['route']['login']['name'], $this->config['route']['login']['context']),
+			//Disable repeated password
+			'password_repeated' => false,
+			//Set method
 			'method' => 'POST'
 		]);
 
 		//Init context
 		$context = [];
 
+		//With mail
+		if (!empty($mail) && !empty($hash)) {
+			//With invalid hash
+			if ($hash != $slugger->hash($mail)) {
+				//Throw bad request
+				throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
+			}
+
+			//Get mail
+			$mail = $slugger->unshort($smail = $mail);
+
+			//Without valid mail
+			if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+				//Throw bad request
+				throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+			}
+
+			//Prefilled mail
+			$login->get('mail')->setData($mail);
 		//Last username entered by the user
-		if ($lastUsername = $authenticationUtils->getLastUsername()) {
+		} elseif ($lastUsername = $authenticationUtils->getLastUsername()) {
 			$login->get('mail')->setData($lastUsername);
 		}
 
@@ -484,7 +505,7 @@ class DefaultController extends AbstractController {
 			//Add error message to mail field
 			$login->get('mail')->addError(new FormError($error));
 
-			//Create the RecoverType form and give the proper parameters
+			//Create the LoginType form and give the proper parameters
 			$recover = $this->createForm($this->config['recover']['view']['form'], null, [
 				//Set action to recover route name and context
 				'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
@@ -521,7 +542,9 @@ class DefaultController extends AbstractController {
 	 * Recover account
 	 *
 	 * @param Request $request The request
+	 * @param Registry $manager The doctrine registry
 	 * @param UserPasswordEncoderInterface $encoder The password encoder
+	 * @param EntityManagerInterface $manager The doctrine entity manager
 	 * @param SluggerUtil $slugger The slugger
 	 * @param MailerInterface $mailer The mailer
 	 * @param string $mail The shorted mail address
@@ -529,13 +552,10 @@ class DefaultController extends AbstractController {
 	 * @param string $hash The hashed password
 	 * @return Response The response
 	 */
-	public function recover(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash) {
-		//Get doctrine
-		$doctrine = $this->getDoctrine();
-
+	public function recover(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, $mail, $pass, $hash): Response {
 		//Without mail, pass and hash
 		if (empty($mail) && empty($pass) && empty($hash)) {
-			//Create the RecoverType form and give the proper parameters
+			//Create the LoginType form and give the proper parameters
 			$form = $this->createForm($this->config['recover']['view']['form'], null, [
 				//Set action to recover route name and context
 				'action' => $this->generateUrl($this->config['route']['recover']['name'], $this->config['route']['recover']['context']),
@@ -658,7 +678,8 @@ class DefaultController extends AbstractController {
 		//Without valid mail
 		if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
 			//Throw bad request
-			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $mail]));
+			//XXX: prevent slugger reverse engineering by not displaying decoded mail
+			throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
 		}
 
 		//With existing subscriber
@@ -675,7 +696,7 @@ class DefaultController extends AbstractController {
 			throw $this->createNotFoundException($this->translator->trans('Outdated recover link'));
 		}
 
-		//Create the RecoverType form and give the proper parameters
+		//Create the LoginType form and give the proper parameters
 		$form = $this->createForm($this->config['recover']['view']['form'], $user, [
 			//Set action to recover route name and context
 			'action' => $this->generateUrl($this->config['route']['recover']['name'], ['mail' => $smail, 'pass' => $pass, 'hash' => $hash]+$this->config['route']['recover']['context']),
@@ -705,9 +726,6 @@ class DefaultController extends AbstractController {
 				//Set updated
 				$user->setUpdated(new \DateTime('now'));
 
-				//Get manager
-				$manager = $doctrine->getManager();
-
 				//Persist user
 				$manager->persist($user);
 
@@ -735,30 +753,56 @@ class DefaultController extends AbstractController {
 	 * Register an account
 	 *
 	 * @param Request $request The request
+	 * @param Registry $manager The doctrine registry
 	 * @param UserPasswordEncoderInterface $encoder The password encoder
+	 * @param EntityManagerInterface $manager The doctrine entity manager
 	 * @param SluggerUtil $slugger The slugger
 	 * @param MailerInterface $mailer The mailer
 	 * @param LoggerInterface $logger The logger
+	 * @param string $mail The shorted mail address
 	 * @param string $field The serialized then shorted form field array
 	 * @param string $hash The hashed serialized field array
 	 * @return Response The response
 	 */
-	public function register(Request $request, UserPasswordEncoderInterface $encoder, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $field, $hash) {
-		//Get doctrine
-		$doctrine = $this->getDoctrine();
+	public function register(Request $request, Registry $doctrine, UserPasswordEncoderInterface $encoder, EntityManagerInterface $manager, SluggerUtil $slugger, MailerInterface $mailer, LoggerInterface $logger, $mail, $field, $hash): Response {
+		//Init reflection
+		$reflection = new \ReflectionClass($this->config['class']['user']);
 
-		//With field
+		//Create new user
+		$user = $reflection->newInstance();
+
+		//With mail and field
 		if (!empty($field) && !empty($hash)) {
 			//With invalid hash
-			if ($hash != $slugger->hash($field)) {
+			if ($hash != $slugger->hash($mail.$field)) {
 				//Throw bad request
 				throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'hash', '%value%' => $hash]));
 			}
 
+			//With mail
+			if (!empty($mail)) {
+				//Get mail
+				$mail = $slugger->unshort($smail = $mail);
+
+				//Without valid mail
+				if (filter_var($mail, FILTER_VALIDATE_EMAIL) === false) {
+					//Throw bad request
+					//XXX: prevent slugger reverse engineering by not displaying decoded mail
+					throw new BadRequestHttpException($this->translator->trans('Invalid %field% field: %value%', ['%field%' => 'mail', '%value%' => $smail]));
+				}
+
+				//Set mail
+				$user->setMail($mail);
+			//Without mail
+			} else {
+				//Set smail
+				$smail = $mail;
+			}
+
 			//Try
 			try {
 				//Unshort then unserialize field
-				$field = $slugger->unserialize($field);
+				$field = $slugger->unserialize($sfield = $field);
 			//Catch type error
 			} catch (\Error|\Exception $e) {
 				//Throw bad request
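Review bot: The token in `register()` is checked against `$slugger->hash($mail.$field)`, a plain concatenation, so the hash does not cover where `mail` ends and `field` begins. Two different (mail, field) pairs that concatenate to the same string would carry the same token. Whether that matters depends on the slugger's alphabet and the route requirements, which are not visible here. Hashing with a separator that cannot occur in either value, or with a length prefix, removes the ambiguity before the value reaches `$slugger->unserialize()`. The `try` block continues outside the hunk.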
@@ -772,14 +816,20 @@ class DefaultController extends AbstractController {
 			}
 		//Without field and hash
 		} else {
+			//Set smail
+			$smail = $mail;
+
+			//Set smail
+			$sfield = $sfield;
+
 			//Reset field
 			$field = [];
 		}
 
 		//Create the RegisterType form and give the proper parameters
-		$form = $this->createForm($this->config['register']['view']['form'], null, $field+[
+		$form = $this->createForm($this->config['register']['view']['form'], $user, $field+[
 			//Set action to register route name and context
-			'action' => $this->generateUrl($this->config['route']['register']['name'], $this->config['route']['register']['context']),
+			'action' => $this->generateUrl($this->config['route']['register']['name'], ['mail' => $smail, 'field' => $sfield, 'hash' => $hash]+$this->config['route']['register']['context']),
 			//Set civility class
 			'civility_class' => $this->config['class']['civility'],
 			//Set civility default
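Review bot: `$sfield = $sfield;` in the `else` branch assigns an undefined variable to itself, so PHP raises an undefined-variable warning there. As a result `'field' => $sfield` in the form action is `null` whenever `register()` is called without `field` and `hash`. The intent appears to be `$sfield = $field;` placed before `$field = [];`, with the duplicated comment corrected to `//Set sfield`. The `createForm()` call continues outside the hunk.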
@@ -798,44 +848,62 @@ class DefaultController extends AbstractController {
 				//Set data
 				$data = $form->getData();
 
+				//With existing registrant
+				if ($doctrine->getRepository($this->config['class']['user'])->findOneByMail($mail = $data->getMail())) {
+					//Add error message mail already exists
+					$this->addFlash('warning', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
+
+					//Redirect to user view
+					return $this->redirectToRoute(
+						$this->config['route']['edit']['name'],
+						[
+							'mail' => $smail = $slugger->short($mail),
+							'hash' => $slugger->hash($smail)
+						]+$this->config['route']['edit']['context']
+					);
+				}
+
 				//Set mail shortcut
 				$registerMail =& $this->config['register']['mail'];
 
-				//Set extra
-				$extra = [];
-
-				//Init reflection
-				$reflection = new \ReflectionClass($this->config['class']['user']);
-
-				//Create new user
-				$user = $reflection->newInstance();
-
-				//Iterate on each entry
-				//TODO: store add/set action between [] ???
-				foreach($data as $key => $value) {
-					//Skip mail
-					if ($key == 'mail') {
-						continue;
-					//Store shorted title
-					} elseif (is_callable([$value, 'getTitle'])) {
-						$extra[$key.'(title)'] = $value->getTitle();
-					//Store shorted id
-					} elseif (is_callable([$value, 'getId'])) {
-						$extra[$key.'(id)'] = $value->getId();
-					//Store encoded password
-					} elseif(!empty($value) && $key == 'password') {
-						$extra['password'] = $encoder->encodePassword($user, $value);
-					//Store shorted value
-					} elseif (!empty($value)) {
-						$extra[$key] = $value;
-					}
-				}
+				//Extract names and pseudonym from mail
+				$names = explode(' ', $pseudonym = ucwords(trim(preg_replace('/[^a-zA-Z]+/', ' ', current(explode('@', $data->getMail()))))));
 
-				//Set mail
-				$mail = $slugger->short($data['mail']);
+				//Set pseudonym
+				$user->setPseudonym($user->getPseudonym()??$pseudonym);
 
-				//Set extra
-				$extra = $slugger->serialize($extra);
+				//Set forename
+				$user->setForename($user->getForename()??$names[0]);
+
+				//Set surname
+				$user->setSurname($user->getSurname()??$names[1]??$names[0]);
+
+				//Set password
+				$user->setPassword($encoder->encodePassword($user, $user->getPassword()??$data->getMail()));
+
+				//Set created
+				$user->setCreated(new \DateTime('now'));
+
+				//Set updated
+				$user->setUpdated(new \DateTime('now'));
+
+				//Persist user
+				$manager->persist($user);
+
+				//Iterate on default group
+				foreach($this->config['default']['group'] as $i => $groupTitle) {
+					//Fetch group
+					if (($group = $doctrine->getRepository($this->config['class']['group'])->findOneByTitle($groupTitle))) {
+						//Set default group
+						//XXX: see vendor/symfony/security-core/Role/Role.php
+						$user->addGroup($group);
+					//Group not found
+					} else {
+						//Throw exception
+						//XXX: consider missing group as fatal
+						throw new \Exception(sprintf('Group from rapsys_user.default.group[%d] not found by title: %s', $i, $groupTitle));
+					}
+				}
 
 				//Generate each route route
 				foreach($this->config['register']['route'] as $route => $tag) {
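Review bot: When the form supplies no password, `$user->getPassword()??$data->getMail()` sets the account's password to its own mail address, and this commit persists the user at registration rather than at confirmation. That credential is known to anyone who knows the address; whether it is usable before `confirm()` sets `active` depends on the login checker, which is not shown. A random value such as `bin2hex(random_bytes(16))` in place of `$data->getMail()` would leave the recover flow as the only way to set a usable password. The new "already exists" branch also tells an anonymous visitor whether an address is registered, which a neutral message would avoid. The enclosing block continues outside the hunk.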
@@ -848,9 +916,8 @@ class DefaultController extends AbstractController {
 								$this->config['route'][$route]['name'],
 								//Prepend subscribe context with tag
 								[
-									'mail' => $mail,
-									'extra' => $extra,
-									'hash' => $slugger->hash($mail.$extra)
+									'mail' => $smail = $slugger->short($data->getMail()),
+									'hash' => $slugger->hash($smail)
 								]+$this->config['route'][$route]['context'],
 								UrlGeneratorInterface::ABSOLUTE_URL
 							);
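Review bot: The confirm link's token is `$slugger->hash($smail)`, derived from the address alone, so it is the same value used for the edit and login routes and has no expiry or single-use property. `confirm()`, earlier in this diff, calls `$user->setActive(true)` for any existing user, so a previously mailed link would re-activate an account that was later deactivated, if `active` is also used to disable accounts. Binding the token to per-user state that changes on confirmation (the recover link appears to do this with `pass`), or having `confirm()` reject an already active user, would address that. The surrounding loop starts and ends outside the hunk.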
@@ -858,12 +925,16 @@ class DefaultController extends AbstractController {
 					}
 				}
 
+				//XXX: DEBUG: remove me
+				//die($registerMail['context']['confirm_url']);
+
 				//Log new user infos
+				//XXX: useless ???
 				$logger->emergency(
 					$this->translator->trans(
 						'newuser:mail=%mail%|locale=%locale%|confirm=%confirm%',
 						[
-							'%mail%' => $data['mail'],
+							'%mail%' => $data->getMail(),
 							'%locale%' => $request->getLocale(),
 							'%confirm%' => $registerMail['context'][$this->config['register']['route']['confirm']]
 						]
@@ -871,20 +942,13 @@ class DefaultController extends AbstractController {
 				);
 
 				//Set recipient_name
-				$registerMail['context']['recipient_mail'] = $data['mail'];
+				$registerMail['context']['recipient_mail'] = $data->getMail();
 
 				//Set recipient name
 				$registerMail['context']['recipient_name'] = '';
 
-				//With forename, surname and pseudonym
-				if (isset($data['forename']) && isset($data['surname']) && isset($data['pseudonym'])) {
-					//Set recipient name
-					$registerMail['context']['recipient_name'] = implode(' ', [$data['forename'], $data['surname'], $data['pseudonym']?'('.$data['pseudonym'].')':'']);
-				//With pseudonym
-				} elseif (isset($data['pseudonym'])) {
-					//Set recipient name
-					$registerMail['context']['recipient_name'] = $data['pseudonym'];
-				}
+				//Set recipient name
+				$registerMail['context']['recipient_name'] = implode(' ', [$data->getForename(), $data->getSurname(), $data->getPseudonym()?'('.$data->getPseudonym().')':'']);
 
 				//Init subject context
 				$subjectContext = $slugger->flatten(array_replace_recursive($this->config['register']['view']['context'], $registerMail['context']), null, '.', '%', '%');
@@ -909,18 +973,31 @@ class DefaultController extends AbstractController {
 					//Set context
 					->context(['subject' => $registerMail['subject']]+$registerMail['context']);
 
-				//Try sending message
-				//XXX: mail delivery may silently fail
+				//Try saving in database
 				try {
-					//Send message
-					$mailer->send($message);
-
-					//Redirect on the same route with sent=1 to cleanup form
-					return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
-				//Catch obvious transport exception
-				} catch(TransportExceptionInterface $e) {
-					//Add error message mail unreachable
-					$form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', array('%mail%' => $data['mail']))));
+					//Send to database
+					$manager->flush();
+
+					//Add error message mail already exists
+					$this->addFlash('notice', $this->translator->trans('Your account has been created'));
+
+					//Try sending message
+					//XXX: mail delivery may silently fail
+					try {
+						//Send message
+						$mailer->send($message);
+
+						//Redirect on the same route with sent=1 to cleanup form
+						return $this->redirectToRoute($request->get('_route'), ['sent' => 1]+$request->get('_route_params'));
+					//Catch obvious transport exception
+					} catch(TransportExceptionInterface $e) {
+						//Add error message mail unreachable
+						$form->get('mail')->addError(new FormError($this->translator->trans('Account %mail% tried subscribe but unable to contact', ['%mail%' => $data->getMail()])));
+					}
+				//Catch double subscription
+				} catch (\Doctrine\DBAL\Exception\UniqueConstraintViolationException $e) {
+					//Add error message mail already exists
+					$this->addFlash('error', $this->translator->trans('Account %mail% already exists', ['%mail%' => $mail]));
 				}
 			}
 		}
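Review bot: The account is flushed and the 'Your account has been created' notice is queued before `$mailer->send($message)`, so when the transport throws, the user row already exists and no confirmation mail has gone out. Re-submitting the form then takes the new "already exists" branch and redirects to the edit route, which requires full authentication, so the visible code offers no way to get a fresh confirm link. Consider wrapping the flush and the send in one transaction that rolls back on `TransportExceptionInterface`, or pointing the error message at the recover flow. The comment `//Add error message mail already exists` above the success notice is stale; `//Add notice account created` would fit. The enclosing blocks start outside the hunk.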
@@ -937,7 +1014,7 @@ class DefaultController extends AbstractController {
 	/**
 	 * {@inheritdoc}
 	 */
-	public function getAlias() {
-		return 'rapsys_user';
+	public function getAlias(): string {
+		return RapsysUserBundle::getAlias();
 	}
 }