src/Controller/AuthController.php line 174

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Model\DataObject\User;
  6. use App\Security\AppAuthenticator;
  7. use Carbon\Carbon;
  8. use Exception;
  9. use KnpU\OAuth2ClientBundle\Client\ClientRegistry;
  10. use Pimcore\Controller\FrontendController;
  11. use Pimcore\Log\Simple;
  12. use Pimcore\Mail;
  13. use Pimcore\Model\DataObject;
  14. use Pimcore\Model\DataObject\Folder;
  15. use Pimcore\Model\Element\Service;
  16. use Pimcore\Model\WebsiteSetting;
  17. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
  18. use Symfony\Component\HttpFoundation\Request;
  19. use App\Form\RecaptchaFormType;
  20. use Symfony\Component\Routing\Annotation\Route;
  21. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  22. use Symfony\Component\Security\Core\Security as FrontSecurity;
  23. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  24. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  25. use Symfony\Component\Validator\Constraints as Assert;
  26. use Symfony\Component\Validator\Validator\ValidatorInterface;
  28. class AuthController extends FrontendController
  29. {
  30.     /**
  31.      * @Template
  32.      * @param Request $request
  33.      * @param AuthenticationUtils $authenticationUtils
  34.      * @return array
  35.      * @Route(
  36.      *      "/{_locale}/login",
  37.      *      name="login"
  38.      * )
  39.      */
  40.     public function loginAction(Request $requestAuthenticationUtils $authenticationUtilsFrontSecurity $security)
  41.     {
  42.         $lang $request->getLocale();
  43.         $securityUser $security->getUser();
  44.         if ($securityUser) {
  45.             $user User::getByUsername($securityUser->getUserIdentifier())->load()[0];
  46.             return $this->redirect($this->getDefaultRoute($user));
  47.         }
  48.         // get the login error if there is one
  49.         $error $authenticationUtils->getLastAuthenticationError();
  50.         // last username entered by the user
  51.         $lastUsername $authenticationUtils->getLastUsername();
  52.         //dd($error);
  53.         return [
  54.             '_username' => $lastUsername,
  55.             'error' => $error,
  56.             '_target_path' => $request->get('_target_path') ?? null,
  57.         ];
  58.     }
  60.     /**
  61.      * @Route(
  62.      *      "/is-connected",
  63.      *      name="isConnected",
  64.      *      methods={"GET"}
  65.      * )
  66.      */
  67.     public function isConnected(FrontSecurity $security)
  68.     {
  69.         if ($security->getUser()) {
  70.             return $this->json(['res' => true]);
  71.         }
  72.         return $this->json(['res' => false]);
  73.     }
  75.     /**
  76.      * @Route("/{_locale}/login/after", name="afterLogin")
  77.      */
  78.     public function afterLogin(Request $requestFrontSecurity $security)
  79.     {
  80.         return $this->redirect('/' $request->getLocale());
  81.     }
  83.     /**
  84.      * Link to this controller to start the "connect" process
  85.      *
  86.      * @Route("/connect/{service}", name="connect_oauth")
  87.      */
  88.     public function connectWithOauth(Request $requestClientRegistry $clientRegistry)
  89.     {
  90.         $orderId $request->get("orderid");
  91.         if($orderId){
  92.             $order DataObject\Order::getById($orderId);
  93.             if($order){
  94.                 $url $clientRegistry
  95.                     ->getClient($request->get('service'))
  96.                     ->redirect(['email'], [])->getTargetUrl();
  97.                 $query_str parse_url($urlPHP_URL_QUERY);
  98.                 parse_str($query_str$query_params);
  99.                 if(isset($query_params["state"])){
  100.                     $order->setOauthState($query_params["state"]);
  101.                 }
  102.             }
  103.         }
  105.         return $clientRegistry
  106.             ->getClient($request->get('service'))
  107.             ->redirect(['email'], []);
  108.     }
  110.     /**
  111.      * @Template
  112.      *
  113.      * @Route("/oauth/check/{service}", name="oauth_check")
  114.      */
  115.     public function checkOauth(Request $requestFrontSecurity $security)
  116.     {
  117.         return [];
  118.     }
  120.     private function getDefaultRoute(User $user)
  121.     {
  122.         return '/' $user->getLang();
  123.     }
  125.     /**
  126.      * @Template
  127.      * @param Request $request
  128.      * @return \Symfony\Component\HttpFoundation\JsonResponse|\Symfony\Component\HttpFoundation\RedirectResponse
  129.      * @throws \Exception
  130.      * @Route(
  131.      *      "/{_locale}/reset/password/{renew_token}",
  132.      *      name="reset_password",
  133.      *      methods={"GET","POST"}
  134.      * )
  135.      */
  136.     public function resetPasswordAction(Request $request)
  137.     {
  138.         if ($request->isMethod('POST') && $request->get("new_password")) {
  139.             $user User::getById($request->get('user_id'));
  140.             if (!$user) {
  141.                 return ['error' => "Impossible de trouver l'utilisateur"];
  142.             }
  143.             $user->setPassword($request->get('new_password'));
  144.             $user->setRenewToken(null);
  145.             $user->setRenewExpire(null);
  146.             $user->save();
  147.             return $this->redirect($this->generateUrl("login"));
  148.         } elseif ($request->get("renew_token")) {
  149.             $user User::getByRenewToken($request->get("renew_token"))->load()[0];
  150.             if (!$user) {
  151.                 return $this->redirect($this->generateUrl('login'));
  152.             }
  153.             $expired false;
  154.             if ($user->getRenewExpire()->lt(Carbon::now())) {
  155.                 $expired true;
  156.             }
  157.             return ["user" => $user"expired" => $expired];
  158.         } else {
  159.             return $this->redirect($this->generateUrl('login'));
  160.         }
  161.     }
  163.     /**
  164.      * @Template
  165.      * @param Request $request
  166.      * @return \Symfony\Component\HttpFoundation\JsonResponse
  167.      * @throws \Exception
  168.      * @Route(
  169.      *      "/{_locale}/reset/password",
  170.      *      name="ask_reset_password",
  171.      *      methods={"GET","POST"}
  172.      * )
  173.      */
  174.     public function askResetPasswordAction(Request $requestFrontSecurity $security\Pimcore\Config\Config $websiteConfig)
  175.     {
  176.         $lang $request->getLocale();
  177.         if ($request->isMethod('POST') && $request->get('username')) {
  178.             $user User::getByUsername($request->get('username'))->load()[0];
  179.             if (!$user) {
  180.                 return ["error" => "Le compte n'existe pas"];
  181.             }
  183.             $token md5(time() * 10000);
  184.             $user->setRenewToken($token);
  185.             $nbrDays intval($websiteConfig->get('expirationDays')) === intval($websiteConfig->get('expirationDays'));
  186.             $user->setRenewExpire(Carbon::now()->addDay($nbrDays));
  187.             $user->save();
  189.             $mail = new Mail();
  190.             $mail->setDocument('/emails/' $lang "/reset-password");
  191.             $mail->to($user->getUsername());
  192.             $mail->setParam('renewLink'$this->generateUrl("reset_password", ['renew_token' => $token], UrlGeneratorInterface::ABSOLUTE_URL));
  193.             $mail->send();
  194.             return ["message" => "Vous avez reçu un lien pour modifier votre mot de passe par email."];
  195.         }
  196.     }
  198.     /**
  199.      * @Template
  200.      * @Route(
  201.      *      "/{_locale}/register",
  202.      *      name="register",
  203.      *      methods={"GET","POST"}
  204.      * )
  205.      */
  206.     public function registerAction(Request $requestFrontSecurity $security\Pimcore\Config\Config $websiteConfigValidatorInterface $validator)
  207.     {
  208.         $formStatus false;
  210.         $honeypotValue "Waterloo";
  212.         // initialize form and handle request data
  213.         $formContact $this->createForm(RecaptchaFormType::class, null);
  214.         $formContact->handleRequest($request);
  216.         Simple::log('apk_register''Start new user');
  217.         $securityUser $security->getUser();
  218.         if ($securityUser) {
  219.             $user User::getByUsername($securityUser->getUserIdentifier())->load()[0];
  220.             return $this->redirect($this->getDefaultRoute($user));
  221.         }
  223.         /** @var Pimcore\Model\DataObject */
  225.         $countries DataObject\Service::getOptionsForSelectField("Pimcore\Model\DataObject\User""country");
  227.         if ($request->isMethod('POST')) {
  228.             $orderid $request->get("orderid");
  229.             foreach (['email''password''confirm-password'] as $required_field) {
  230.                 $isSet false;
  231.                 if (is_array($required_field)) {
  232.                     foreach ($required_field as $field) {
  233.                         if ($request->get($field)) {
  234.                             $isSet true;
  235.                         }
  236.                     }
  237.                 } else {
  238.                     $isSet $request->get($required_field);
  239.                 }
  241.                 if (!$isSet) {
  242.                     return ["error" => "Vous devez remplir tous les champs.","countries" => $countries"previousValues" => $request->request->all(), 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  243.                 }
  244.             }
  246.             $email $request->get('email');
  247.             $password $request->get('password');
  248.             $confirmPassword $request->get('confirm-password');
  249.             if ($password !== $confirmPassword) {
  250.                 return ["error" => "Les 2 mots de passe ne sont pas identiques","countries" => $countries"previousValues" => $request->request->all(), 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  251.             }
  253.             /** @var Symfony\Component\Validator\Constraints as Assert  */
  254.             $emailConstraint = new Assert\Email();
  255.             $errors $validator->validate($email$emailConstraint);
  256.             if (count($errors) > 0) {
  257.                 return ["error" => $errors[0]->getMessage(),"countries" => $countries"previousValues" => $request->request->all(), 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  258.             }
  260.             $checkUser User::getByUsername($email, ['limit' => 1'unpublished' => true]);
  261.             if ($checkUser) {
  262.                 $now Carbon::now();
  263.                 if($checkUser->getPublished()){
  264.                     return ["message" => 'Le compte existe déjà, <a href="' $this->generateUrl('login') . '">connectez-vous</a> ou <a href="' $this->generateUrl('ask_reset_password') . '">cliquez ici</a> pour réinitialiser votre mot de passe',"countries" => $countries"previousValues" => $request->request->all(), 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  265.                 }else{
  266.                     if($checkUser->getStatus() == "unverified"){
  267.                         if(($now->timestamp $checkUser->getCreationDate()) > 60){
  268.                             $token md5(uniqid('renew_token'true));
  269.                             $checkUser->setRenewToken($token);
  270.                             $nbrDays intval($websiteConfig->get('expirationDays')) === intval($websiteConfig->get('expirationDays'));
  271.                             $checkUser->setRenewExpire(Carbon::now()->addDays($nbrDays));
  272.                             $checkUser->save();
  273.                             if($orderid){
  274.                                 $order DataObject\Order::getById($orderid);
  275.                                 if($order && !$order->getLinkedUser()){
  276.                                     $order->setLinkedUser($checkUser);
  277.                                     $order->save();
  278.                                 }
  279.                             }
  280.                             /*$mail = new Mail();
  281.                             $mail->setDocument('/emails/' . $request->getLocale() . "/verify-email");
  282.                             $mail->to($checkUser->getUsername());
  283.                             $mail->setParam('Link', $this->generateUrl('verify_email_itsme', ['renew_token' => $checkUser->getRenewToken()], UrlGeneratorInterface::ABSOLUTE_URL));
  284.                             $mail->send();*/
  285.                         }else{
  286.                             Simple::log('apk_register''less that 60seconds since first register mail');
  287.                         }
  288.                         return $this->redirectToRoute('verify_email_itsme', ['renew_token' => $checkUser->getRenewToken()]);
  289.                         //return ["message" => "Votre adresse email doit être confirmée, vous allez recevoir un email de confirmation", "message_title" => "You've got mail!"];
  290.                     }else{
  291.                         return ["message" => 'Il semblerait que votre compte soit désactivé. Veuillez nous contacter.',"countries" => $countries"previousValues" => ["gender" => """firstname" => """lastname" => """email" => """password" => """confirm-email" => """phone" => ""'street' => '''zip' => '''country' => '''city' => '''prefix' => '+32'], 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  292.                     }
  293.                 }
  294.             }
  296.             $data $formContact->getData();
  298.             // fake variable
  299.             $address $_POST["address"];
  301.             // reCaptcha verification
  302.             $recaptchaKeyPrivate WebsiteSetting::getByName('recaptchaKeyPrivate');
  303.             $recaptcha_url 'https://www.google.com/recaptcha/api/siteverify';
  304.             $recaptcha_response $data['recaptcha'];
  305.             $recaptcha file_get_contents($recaptcha_url '?secret=' $recaptchaKeyPrivate->getData() . '&response=' $recaptcha_response);
  306.             $recaptcha json_decode($recaptcha);
  308.             if ($recaptcha->success && isset($recaptcha->score) && $recaptcha->score >= 0.3 && $address == $honeypotValue)
  309.             {
  310.                 $user = new User();
  311.                 $user->setUsername($email);
  312.                 $user->setEmail($email);
  313.                 $user->setLang($request->getLocale());
  314.                 $user->setRecaptchaScore($recaptcha->score);
  315.                 $user->setPassword($password);
  316.                 $user->setRoles(["ROLE_USER"]);
  317.                 $user->setStatus("unverified");
  318.                 $keyname Service::getValidKey($email'object');
  319.                 $user->setKey($keyname);
  320.                 $user->setParent(Folder::getByPath('/users') ?? Folder::create(['o_parentId' => 1'o_key' => 'users']));
  321.                 $user->setPublished(false);
  322.                 $token md5(uniqid('renew_token'true));
  323.                 $user->setRenewToken($token);
  324.                 $nbrDays intval($websiteConfig->get('expirationDays')) === intval($websiteConfig->get('expirationDays'));
  325.                 $user->setRenewExpire(Carbon::now()->addDays($nbrDays));
  327.                 if (WebsiteSetting::getByName("parrainage")) {
  328.                     if ($request->get('parrain')) {
  329.                         $parrain User::getByParrainageToken($request->get('parrain'))->load();
  330.                         if ($parrain) {
  331.                             $parrain $parrain[0];
  332.                         } else {
  333.                             return ["error" => "Ce code de parrainage n'existe pas.""countries" => $countries"previousValues" => ["gender" => """firstname" => """lastname" => """email" => $email"password" => $password"confirm-email" => """phone" => ""'street' => '''zip' => '''country' => '''city' => '''prefix' => '+32'], 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  334.                         }
  335.                         $user->setParrain($parrain);
  336.                     }
  337.                 }
  339.                 $user->save();
  341.                 if($orderid){
  342.                     $order DataObject\Order::getById($orderid);
  343.                     if($order && !$order->getLinkedUser()){
  344.                         $order->setLinkedUser($user);
  345.                         $order->save();
  346.                     }
  347.                 }
  348.                 /*$mail = new Mail();
  349.                 $mail->setDocument('/emails/' . $request->getLocale() . "/verify-email");
  350.                 $mail->to($user->getUsername());
  351.                 $mail->setParam('Link', $this->generateUrl('verify_email_itsme', ['renew_token' => $user->getRenewToken()], UrlGeneratorInterface::ABSOLUTE_URL));
  352.                 $mail->send();*/
  353.                 return $this->redirectToRoute('verify_email_itsme', ['renew_token' => $user->getRenewToken()]);
  354.                 //return ["message" => "Votre adresse email doit être confirmée, vous allez recevoir un email de confirmation", "message_title" => "You've got mail!", 'form' => $formContact->createView(), "formStatus" => $formStatus];
  355.             }else{
  356.                 $formStatus 'robot';
  357.             }
  358.         }
  359.         return ["countries" => $countries"previousValues" => ["gender" => """firstname" => """lastname" => """email" => """password" => """confirm-email" => """phone" => ""'street' => '''zip' => '''country' => '''city' => '''prefix' => '+32'], 'form' => $formContact->createView(), "formStatus" => $formStatus"honeypotValue" => $honeypotValue];
  360.     }
  362.     /**
  363.      * @Template
  364.      * @Route(
  365.      *      "{_locale}/verify-email/itsme/{renew_token}",
  366.      *      name="verify_email_itsme",
  367.      *      methods={"GET"}
  368.      * )
  369.      */
  370.     public function verifyEmailItsmeAction(Request $request\Pimcore\Config\Config $websiteConfig,
  371.                                            GuardAuthenticatorHandler $guard,
  372.                                            AppAuthenticator $formAuthenticator)
  373.     {
  374.         if ($request->get('renew_token')) {
  375.             $user User::getByRenewToken($request->get("renew_token"), ['limit' => 1'unpublished' => true]);
  376.             if (!$user) {
  377.                 return ["error" => "Vous devez définir un token valide""message" => false];
  378.             }
  380.             $user->setPublished(true);
  382.             $user->save();
  384.             //login automatique du user
  385.             $guard->authenticateUserAndHandleSuccess(
  386.                 $user,
  387.                 $request,
  388.                 $formAuthenticator,
  389.                 'app_admin'
  390.             );
  392.             return ["userid" => $user->getId()];
  393.         } else {
  394.             return ["error" => "Vous devez définir un token valide""message" => false];
  395.         }
  396.     }
  398.     /**
  399.      * @Template
  400.      * @Route(
  401.      *      "{_locale}/verify-email/{renew_token}",
  402.      *      name="verify_email",
  403.      *      methods={"GET"}
  404.      * )
  405.      */
  406.     public function verifyEmailAction(Request $request\Pimcore\Config\Config $websiteConfig)
  407.     {
  408.         if ($request->get('renew_token')) {
  409.             $user User::getByRenewToken($request->get("renew_token"), ['limit' => 1'unpublished' => true]);
  410.             if (!$user) {
  411.                 return ["error" => "Vous devez définir un token valide""message" => false];
  412.             }
  414.             $user->setRenewToken(null);
  415.             $user->setRenewExpire(null);
  416.             $user->setStatus("verified");
  417.             $user->save();
  419.             $countries DataObject\Service::getOptionsForSelectField("Pimcore\Model\DataObject\User""country");
  421.             return $this->render('user/details.html.twig',
  422.                 ["user" => $user"countries" => $countries"message" => "You have been verified."]
  423.             );
  424.         } else {
  425.             return ["error" => "Vous devez définir un token valide""message" => false];
  426.         }
  427.     }
  429.     /**
  430.      * @Route("/before-logout", name="beforeLogout", methods={"GET"})
  431.      */
  432.     public function beforeLogout()
  433.     {
  434.         // \Pimcore\Cache::clearTag("pimcore_viewcache_header_cache");
  435.         return $this->redirectToRoute("logout");
  436.     }
  438.     /**
  439.      * @Route("/logout", name="logout", methods={"GET"})
  440.      */
  441.     public function logout()
  442.     {
  443.         // controller can be blank: it will never be executed!
  444.         throw new \Exception('Don\'t forget to activate logout in security.yaml');
  445.     }
  446. }