vendor/sylius/sylius/src/Sylius/Bundle/UserBundle/Controller/UserController.php line 68

Open in your IDE?
  1. <?php
  3. /*
  4. * This file is part of the Sylius package.
  5. *
  6. * (c) Paweł Jędrzejewski
  7. *
  8. * For the full copyright and license information, please view the LICENSE
  9. * file that was distributed with this source code.
  10. */
  12. declare(strict_types=1);
  14. namespace Sylius\Bundle\UserBundle\Controller;
  16. use FOS\RestBundle\View\View;
  17. use Sylius\Bundle\ResourceBundle\Controller\RequestConfiguration;
  18. use Sylius\Bundle\ResourceBundle\Controller\ResourceController;
  19. use Sylius\Bundle\UserBundle\Form\Model\ChangePassword;
  20. use Sylius\Bundle\UserBundle\Form\Model\PasswordReset;
  21. use Sylius\Bundle\UserBundle\Form\Model\PasswordResetRequest;
  22. use Sylius\Bundle\UserBundle\Form\Type\UserChangePasswordType;
  23. use Sylius\Bundle\UserBundle\Form\Type\UserRequestPasswordResetType;
  24. use Sylius\Bundle\UserBundle\Form\Type\UserResetPasswordType;
  25. use Sylius\Bundle\UserBundle\UserEvents;
  26. use Sylius\Component\User\Model\UserInterface;
  27. use Sylius\Component\User\Repository\UserRepositoryInterface;
  28. use Sylius\Component\User\Security\Generator\GeneratorInterface;
  29. use Symfony\Component\EventDispatcher\GenericEvent;
  30. use Symfony\Component\Form\FormInterface;
  31. use Symfony\Component\HttpFoundation\RedirectResponse;
  32. use Symfony\Component\HttpFoundation\Request;
  33. use Symfony\Component\HttpFoundation\Response;
  34. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  35. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  36. use Webmozart\Assert\Assert;
  38. class UserController extends ResourceController
  39. {
  40. public function changePasswordAction(Request $request): Response
  41. {
  42. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  44. if (!$this->container->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  45. throw new AccessDeniedException('You have to be registered user to access this section.');
  46. }
  48. $user = $this->container->get('security.token_storage')->getToken()->getUser();
  50. $changePassword = new ChangePassword();
  51. $formType = $this->getSyliusAttribute($request, 'form', UserChangePasswordType::class);
  52. $form = $this->createResourceForm($configuration, $formType, $changePassword);
  54. if (in_array($request->getMethod(), ['POST', 'PUT', 'PATCH'], true) && $form->handleRequest($request)->isValid()) {
  55. return $this->handleChangePassword($request, $configuration, $user, $changePassword->getNewPassword());
  56. }
  58. if (!$configuration->isHtmlRequest()) {
  59. return $this->viewHandler->handle($configuration, View::create($form, Response::HTTP_BAD_REQUEST));
  60. }
  62. return new Response($this->container->get('twig')->render(
  63. $configuration->getTemplate('changePassword.html'),
  64. ['form' => $form->createView()],
  65. ));
  66. }
  68. public function requestPasswordResetTokenAction(Request $request): Response
  69. {
  70. /** @var GeneratorInterface $generator */
  71. $generator = $this->container->get(sprintf('sylius.%s.token_generator.password_reset', $this->metadata->getName()));
  73. return $this->prepareResetPasswordRequest($request, $generator, UserEvents::REQUEST_RESET_PASSWORD_TOKEN);
  74. }
  76. public function requestPasswordResetPinAction(Request $request): Response
  77. {
  78. /** @var GeneratorInterface $generator */
  79. $generator = $this->container->get(sprintf('sylius.%s.pin_generator.password_reset', $this->metadata->getName()));
  81. return $this->prepareResetPasswordRequest($request, $generator, UserEvents::REQUEST_RESET_PASSWORD_PIN);
  82. }
  84. public function resetPasswordAction(Request $request, string $token): Response
  85. {
  86. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  87. /** @var UserInterface|null $user */
  88. $user = $this->repository->findOneBy(['passwordResetToken' => $token]);
  89. if (null === $user) {
  90. throw new NotFoundHttpException('Token not found.');
  91. }
  93. $resetting = $this->metadata->getParameter('resetting');
  94. $lifetime = new \DateInterval($resetting['token']['ttl']);
  95. if (!$user->isPasswordRequestNonExpired($lifetime)) {
  96. return $this->handleExpiredToken($request, $configuration, $user);
  97. }
  99. $passwordReset = new PasswordReset();
  100. $formType = $this->getSyliusAttribute($request, 'form', UserResetPasswordType::class);
  101. $form = $this->createResourceForm($configuration, $formType, $passwordReset);
  103. if (in_array($request->getMethod(), ['POST', 'PUT', 'PATCH'], true) && $form->handleRequest($request)->isValid()) {
  104. return $this->handleResetPassword($request, $configuration, $user, $passwordReset->getPassword());
  105. }
  107. if (!$configuration->isHtmlRequest()) {
  108. return $this->viewHandler->handle($configuration, View::create($form, Response::HTTP_BAD_REQUEST));
  109. }
  111. return new Response($this->container->get('twig')->render(
  112. $configuration->getTemplate('resetPassword.html'),
  113. [
  114. 'form' => $form->createView(),
  115. 'user' => $user,
  116. ],
  117. ));
  118. }
  120. public function verifyAction(Request $request, string $token): Response
  121. {
  122. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  123. $redirectRoute = $this->getSyliusAttribute($request, 'redirect', null);
  125. $response = $this->redirectToRoute($redirectRoute);
  127. /** @var UserInterface|null $user */
  128. $user = $this->repository->findOneBy(['emailVerificationToken' => $token]);
  129. if (null === $user) {
  130. if (!$configuration->isHtmlRequest()) {
  131. return $this->viewHandler->handle($configuration, View::create($configuration, Response::HTTP_BAD_REQUEST));
  132. }
  134. $this->addTranslatedFlash('error', 'sylius.user.verify_email_by_invalid_token');
  136. return $this->redirectToRoute($redirectRoute);
  137. }
  139. $user->setVerifiedAt(new \DateTime());
  140. $user->setEmailVerificationToken(null);
  141. $user->enable();
  143. $eventDispatcher = $this->container->get('event_dispatcher');
  144. $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_EMAIL_VERIFICATION);
  146. $this->manager->flush();
  148. $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::POST_EMAIL_VERIFICATION);
  150. if (!$configuration->isHtmlRequest()) {
  151. return $this->viewHandler->handle($configuration, View::create($user));
  152. }
  154. $flashMessage = $this->getSyliusAttribute($request, 'flash', 'sylius.user.verify_email');
  155. $this->addTranslatedFlash('success', $flashMessage);
  157. return $response;
  158. }
  160. public function requestVerificationTokenAction(Request $request): Response
  161. {
  162. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  163. $redirectRoute = $this->getSyliusAttribute($request, 'redirect', 'referer');
  165. $user = $this->getUser();
  166. if (null === $user) {
  167. if (!$configuration->isHtmlRequest()) {
  168. return $this->viewHandler->handle($configuration, View::create($configuration, Response::HTTP_UNAUTHORIZED));
  169. }
  171. $this->addTranslatedFlash('notice', 'sylius.user.verify_no_user');
  173. return $this->redirectHandler->redirectToRoute($configuration, $redirectRoute);
  174. }
  176. if (null !== $user->getVerifiedAt()) {
  177. if (!$configuration->isHtmlRequest()) {
  178. return $this->viewHandler->handle($configuration, View::create($configuration, Response::HTTP_BAD_REQUEST));
  179. }
  181. $this->addTranslatedFlash('notice', 'sylius.user.verify_verified_email');
  183. return $this->redirectHandler->redirectToRoute($configuration, $redirectRoute);
  184. }
  186. /** @var GeneratorInterface $tokenGenerator */
  187. $tokenGenerator = $this->container->get(sprintf('sylius.%s.token_generator.email_verification', $this->metadata->getName()));
  188. $user->setEmailVerificationToken($tokenGenerator->generate());
  190. $this->manager->flush();
  192. $eventDispatcher = $this->container->get('event_dispatcher');
  193. $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::REQUEST_VERIFICATION_TOKEN);
  195. if (!$configuration->isHtmlRequest()) {
  196. return $this->viewHandler->handle($configuration, View::create(null, Response::HTTP_NO_CONTENT));
  197. }
  199. $this->addTranslatedFlash('success', 'sylius.user.verify_email_request');
  201. return $this->redirectHandler->redirectToRoute($configuration, $redirectRoute);
  202. }
  204. protected function prepareResetPasswordRequest(Request $request, GeneratorInterface $generator, string $senderEvent): Response
  205. {
  206. $configuration = $this->requestConfigurationFactory->create($this->metadata, $request);
  208. $passwordReset = new PasswordResetRequest();
  209. $formType = $this->getSyliusAttribute($request, 'form', UserRequestPasswordResetType::class);
  210. $form = $this->createResourceForm($configuration, $formType, $passwordReset);
  211. $template = $this->getSyliusAttribute($request, 'template', null);
  212. if ($configuration->isHtmlRequest()) {
  213. Assert::notNull($template, 'Template is not configured.');
  214. }
  216. if (in_array($request->getMethod(), ['POST', 'PUT', 'PATCH'], true) && $form->handleRequest($request)->isValid()) {
  217. $userRepository = $this->repository;
  219. /** @var UserRepositoryInterface $userRepository */
  220. Assert::isInstanceOf($userRepository, UserRepositoryInterface::class);
  222. $user = $userRepository->findOneByEmail($passwordReset->getEmail());
  223. if (null !== $user) {
  224. $this->handleResetPasswordRequest($generator, $user, $senderEvent);
  225. }
  227. if (!$configuration->isHtmlRequest()) {
  228. return $this->viewHandler->handle($configuration, View::create(null, Response::HTTP_NO_CONTENT));
  229. }
  231. $this->addTranslatedFlash('success', 'sylius.user.reset_password_request');
  232. $redirectRoute = $this->getSyliusAttribute($request, 'redirect', null);
  233. Assert::notNull($redirectRoute, 'Redirect is not configured.');
  235. if (is_array($redirectRoute)) {
  236. return $this->redirectHandler->redirectToRoute(
  237. $configuration,
  238. $configuration->getParameters()->get('redirect')['route'],
  239. $configuration->getParameters()->get('redirect')['parameters'],
  240. );
  241. }
  243. return $this->redirectHandler->redirectToRoute($configuration, $redirectRoute);
  244. }
  246. if (!$configuration->isHtmlRequest()) {
  247. return $this->viewHandler->handle($configuration, View::create($form, Response::HTTP_BAD_REQUEST));
  248. }
  250. return new Response($this->container->get('twig')->render(
  251. $template,
  252. [
  253. 'form' => $form->createView(),
  254. ],
  255. ));
  256. }
  258. protected function addTranslatedFlash(string $type, string $message): void
  259. {
  260. $translator = $this->container->get('translator');
  261. $this->container->get('session')->getFlashBag()->add($type, $translator->trans($message, [], 'flashes'));
  262. }
  264. /**
  265. * @param object $object
  266. */
  267. protected function createResourceForm(
  268. RequestConfiguration $configuration,
  269. string $type,
  270. $object,
  271. ): FormInterface {
  272. if (!$configuration->isHtmlRequest()) {
  273. return $this->container->get('form.factory')->createNamed('', $type, $object, ['csrf_protection' => false]);
  274. }
  276. return $this->container->get('form.factory')->create($type, $object);
  277. }
  279. protected function handleExpiredToken(Request $request, RequestConfiguration $configuration, UserInterface $user): Response
  280. {
  281. $user->setPasswordResetToken(null);
  282. $user->setPasswordRequestedAt(null);
  284. $this->manager->flush();
  286. if (!$configuration->isHtmlRequest()) {
  287. return $this->viewHandler->handle($configuration, View::create($user, Response::HTTP_BAD_REQUEST));
  288. }
  290. $this->addTranslatedFlash('error', 'sylius.user.expire_password_reset_token');
  292. $redirectRouteName = $this->getSyliusAttribute($request, 'redirect', null);
  293. Assert::notNull($redirectRouteName, 'Redirect is not configured.');
  295. return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  296. }
  298. protected function handleResetPasswordRequest(
  299. GeneratorInterface $generator,
  300. UserInterface $user,
  301. string $senderEvent,
  302. ): void {
  303. $user->setPasswordResetToken($generator->generate());
  304. $user->setPasswordRequestedAt(new \DateTime());
  306. // I have to use doctrine manager directly, because domain manager functions add a flash messages. I can't get rid of them.
  307. $manager = $this->container->get('doctrine.orm.default_entity_manager');
  308. $manager->persist($user);
  309. $manager->flush();
  311. $dispatcher = $this->container->get('event_dispatcher');
  312. $dispatcher->dispatch(new GenericEvent($user), $senderEvent);
  313. }
  315. protected function handleResetPassword(
  316. Request $request,
  317. RequestConfiguration $configuration,
  318. UserInterface $user,
  319. string $newPassword,
  320. ): Response {
  321. $user->setPlainPassword($newPassword);
  322. $user->setPasswordResetToken(null);
  323. $user->setPasswordRequestedAt(null);
  325. $dispatcher = $this->container->get('event_dispatcher');
  326. $dispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_PASSWORD_RESET);
  328. $this->manager->flush();
  329. $this->addTranslatedFlash('success', 'sylius.user.reset_password');
  331. $dispatcher->dispatch(new GenericEvent($user), UserEvents::POST_PASSWORD_RESET);
  333. if (!$configuration->isHtmlRequest()) {
  334. return $this->viewHandler->handle($configuration, View::create(null, Response::HTTP_NO_CONTENT));
  335. }
  337. $redirectRouteName = $this->getSyliusAttribute($request, 'redirect', null);
  338. Assert::notNull($redirectRouteName, 'Redirect is not configured.');
  340. return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  341. }
  343. protected function handleChangePassword(
  344. Request $request,
  345. RequestConfiguration $configuration,
  346. UserInterface $user,
  347. string $newPassword,
  348. ): Response {
  349. $user->setPlainPassword($newPassword);
  351. $dispatcher = $this->container->get('event_dispatcher');
  352. $dispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_PASSWORD_CHANGE);
  354. $this->manager->flush();
  355. $this->addTranslatedFlash('success', 'sylius.user.change_password');
  357. $dispatcher->dispatch(new GenericEvent($user), UserEvents::POST_PASSWORD_CHANGE);
  359. if (!$configuration->isHtmlRequest()) {
  360. return $this->viewHandler->handle($configuration, View::create(null, Response::HTTP_NO_CONTENT));
  361. }
  363. $redirectRouteName = $this->getSyliusAttribute($request, 'redirect', null);
  364. Assert::notNull($redirectRouteName, 'Redirect is not configured.');
  366. return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  367. }
  369. protected function getUser(): ?UserInterface
  370. {
  371. $user = parent::getUser();
  372. $authorizationChecker = $this->container->get('security.authorization_checker');
  374. if (
  375. $authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED') &&
  376. $user instanceof UserInterface
  377. ) {
  378. return $user;
  379. }
  381. return null;
  382. }
  384. private function getSyliusAttribute(Request $request, string $attribute, $default = null)
  385. {
  386. $attributes = $request->attributes->get('_sylius');
  388. return $attributes[$attribute] ?? $default;
  389. }
  390. }