src/Controller/SecurityController.php line 152

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\Letter;
  6. use App\Entity\Organization;
  7. use App\Entity\ResetPasswordToken;
  8. use App\Entity\User;
  9. use App\Entity\UserProfile;
  10. use App\Exception\UnauthorizedRegistrationException;
  11. use App\Exception\UnmatchedDomainException;
  12. use App\Form\User\AccountCreationFormType;
  13. use App\Form\User\PasswordFormType;
  14. use App\Repository\UserRepository;
  15. use App\Service\Mailer\SattMailer;
  16. use App\Service\Notifier\SattNotificationService;
  17. use App\Service\UserRegisterService;
  18. use Doctrine\ORM\EntityManagerInterface;
  19. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  20. use Symfony\Component\Form\Extension\Core\Type\EmailType;
  21. use Symfony\Component\Form\Extension\Core\Type\SubmitType;
  22. use Symfony\Component\HttpFoundation\Request;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  25. use Symfony\Component\Routing\Annotation\Route;
  26. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  27. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  28. use Symfony\Contracts\Translation\TranslatorInterface;
  29. use App\Service\TwoFactorAuthService;
  30. use Symfony\Component\Security\Core\Security;
  31. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  33. /**
  34.  * Class SecurityController.
  35.  */
  36. class SecurityController extends AbstractController
  37. {
  38.     private $sattMailer;
  39.     private UserPasswordHasherInterface $passwordHasher;
  40.     private $sattNotification;
  41.     private EntityManagerInterface $em;
  42.     private TwoFactorAuthService $twoFactorAuthService;
  44.     public function __construct(
  45.         SattMailer $sattMailer,
  46.         UserPasswordHasherInterface $passwordHasher,
  47.         SattNotificationService $sattNotification,
  48.         EntityManagerInterface $entityManager,
  49.         TwoFactorAuthService $twoFactorAuthService,
  50.     ) {
  51.         $this->sattMailer $sattMailer;
  52.         $this->passwordHasher $passwordHasher;
  53.         $this->sattNotification $sattNotification;
  54.         $this->em $entityManager;
  55.         $this->twoFactorAuthService $twoFactorAuthService;
  56.     }
  58.     #[Route(path'/'name'app_login'options: ['expose' => true])]
  59.     public function login(AuthenticationUtils $authenticationUtils): Response
  60.     {
  61.         // if ($this->getUser()) {
  62.         //     return $this->redirectToRoute('target_path');
  63.         // }
  65.         // get the login error if there is one
  66.         $error $authenticationUtils->getLastAuthenticationError();
  67.         // last username entered by the user
  68.         $lastUsername $authenticationUtils->getLastUsername();
  70.         return $this->render('security/login.html.twig', ['last_username' => $lastUsername'error' => $error]);
  71.     }
  73.     #[Route(path'/logout'name'app_logout')]
  74.     public function logout()
  75.     {
  76.         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
  77.     }
  79.     #[Route(path'/create'name'create_account')]
  80.     public function createAccount(
  81.         Request $request,
  82.         UserRepository $userRepository,
  83.         UserRegisterService $userRegisterService,
  84.         TranslatorInterface $translator
  85.     ) {
  86.         $form $this->createForm(AccountCreationFormType::class);
  88.         $form->handleRequest($request);
  90.         if ($form->isSubmitted() && $form->isValid()) {
  91.             /** @var User $userForm */
  92.             $userForm $form->getData();
  94.             $isFormFlawed false;
  95.             if ($userRepository->findOneByAttribute($form['email']->getData(), 'email')) {
  96.                 $this->addFlash('error''flash.email_taken');
  97.                 $isFormFlawed true;
  98.             }
  99.             // Statut is required by the form, no need to check if null
  100.             if (!$userForm->getOrganization() || Organization::TYPE_UNIVERSITY !== $userForm->getOrganization()->getType()) {
  101.                 if ($userForm->getStatut()->getIsUniversityRequired()) {
  102.                     $this->addFlash('error''flash.statut_require_university');
  103.                     $isFormFlawed true;
  104.                 }
  105.             }
  107.             /* // Handle usernames
  108.             if($this->getDoctrine()->getRepository(User::class)->findOneByAttribute($form['username']->getData(), 'username')){
  109.                 //$this->addFlash('error', 'flash.username_taken');
  110.                 $isFormFlawed = true;
  111.             } */
  113.             if ($isFormFlawed) {
  114.                 return $this->render('security/create_account.html.twig', ['form' => $form->createView()]);
  115.             }
  117.             try {
  118.                 $user = new User();
  119.     
  120.                 $user->setEmail($userForm->getEmail())
  121.                     ->setFirstName($userForm->getFirstName())
  122.                     ->setLastName($userForm->getLastName())
  123.                     ->setStatut($userForm->getStatut())
  124.                     ->setOrganization($userForm->getOrganization())
  125.                     ->setPassword($this->passwordHasher->hashPassword($user$form['password']->getData()))
  126.                     ->setUserProfile((new UserProfile()))
  127.                     ->setUsername('user_'.uniqid());
  128.     
  129.                 $entityManager $this->em;
  130.                 $userRegisterService->register($user);
  131.                 $entityManager->persist($user);
  132.     
  133.                 $entityManager->flush();
  134.     
  135.                 $this->addFLash('success''flash.creation_success');
  136.             } catch (UnmatchedDomainException $e) {
  137.                 $this->addFLash('error'$translator->trans('flash.register.unmatched_domain_error', ['%domain%' => $e->getMessage()]));
  138.             } catch (UnauthorizedRegistrationException $e) {
  139.                 $this->addFLash('error''flash.register.creation_error');
  140.             }
  142.             return $this->redirectToRoute('app_login');
  143.         }
  145.         return $this->render(
  146.             'security/create_account.html.twig',
  147.             ['form' => $form->createView()]
  148.         );
  149.     }
  151.     #[Route(path'/change-password'name'change_password')]
  152.     public function forgottenPassword(Request $requestUserRepository $userRepository)
  153.     {
  154.         $form $this->createFormBuilder()
  155.         ->add('email'EmailType::class, ['label' => 'form.label.email'])
  156.         ->add('submit'SubmitType::class, ['label' => 'form.action.reinitialized'])
  157.         ->getForm();
  159.         $form->handleRequest($request);
  161.         if ($form->isSubmitted() && $form->isValid()) {
  162.             /** @var User $user */
  163.             if ($user $userRepository->findOneByAttribute($form['email']->getData(), 'email')) {
  164.                 if (!($token $user->getResetPasswordToken())) { // No token associated to User
  165.                     $token = new ResetPasswordToken();
  166.                 } /* else {    // Do not resend a token if the user has a valid reset password token
  167.                     if ($user->getResetPasswordToken()->isItExpired(time(), $this->getParameter('RESET_PASSWORD_TOKEN_EXPIRATION_DELAY'))) {
  168.                         return $this->redirectToRoute('app_login');
  169.                     }
  170.                 } */ else {
  171.                     $token $user->getResetPasswordToken();
  172.                 }
  174.                 $entityManager $this->em;
  175.                 // Token value
  176.                 $tokenValue rtrim(strtr(base64_encode(random_bytes(64)), '+/''-_'), '=');
  178.                 $token
  179.                     ->setValue($tokenValue)
  180.                     ->setExpirationDate(time() + $this->getParameter('RESET_PASSWORD_TOKEN_EXPIRATION_DELAY'));
  181.                 $user->setResetPasswordToken($token);
  182.                 $entityManager->persist($token);
  183.                 $entityManager->persist($user);
  184.                 $entityManager->flush();
  186.                 $url $this->generateUrl(
  187.                     'reset_password'
  188.                     ['token' => $token->getValue()], 
  189.                     UrlGeneratorInterface::ABSOLUTE_URL
  190.                 );
  192.                 $this->sattMailer->sendComputedEmailByCode(
  193.                     [$form['email']->getData()],
  194.                     Letter::CODE['USER_RESET_PASSWORD'],
  195.                     [],
  196.                     array_merge($user->getBindings(), [
  197.                         'USER.RESET.PASSWORD' => $url
  198.                     ])
  199.                 );
  200.                 
  201.                 $this->addFlash('success''flash.reset_password');
  202.             }
  204.             return $this->redirectToRoute('change_password');
  205.         }
  207.         return $this->render(
  208.             'security/change_password.html.twig',
  209.             ['form' => $form->createView(), 'error' => null]
  210.         );
  211.     }
  213.     /**
  214.      * Handle password reset with tokens sent by mail.
  215.      */
  216.     #[Route(path'/reset-password-token'name'reset_password')]
  217.     public function resetPassword(Request $requestUserRepository $userRepository)
  218.     {
  219.         if (!$request->query->get('token')) {
  220.             return $this->redirectToRoute('app_login');
  221.         }
  223.         $tokenValue $request->query->get('token');
  224.         /** @var User $tuser */
  225.         $user $userRepository->findOneByResetToken($tokenValue);
  227.         //verify if token exists/is expired
  228.         if (!$user || $user->getResetPasswordToken()->isItExpired(time(), $this->getParameter('RESET_PASSWORD_TOKEN_EXPIRATION_DELAY'))) {
  229.             $this->addFlash('error''flash.user_profile.invalid_token');
  231.             return $this->redirectToRoute('app_login');
  232.         }
  234.         $form $this->createForm(PasswordFormType::class);
  235.         $form->handleRequest($request);
  237.         if ($form->isSubmitted() && $form->isValid()) {
  238.             $entityManager $this->em;
  240.             $user->setPassword($this->passwordHasher->hashPassword($user$form['newPassword']->getData()));
  241.             $token $user->getResetPasswordToken();
  243.             $entityManager->persist($user);
  244.             $entityManager->remove($token);
  245.             $entityManager->flush();
  246.             $this->addFLash('success''flash.user_profile.password_reset_success');
  248.             return $this->redirectToRoute('app_login');
  249.         }
  251.         return $this->render(
  252.             'security/change_password_form.html.twig',
  253.             ['form' => $form->createView()]
  254.         );
  255.     }
  257.     #[Route('/2fa'name'app_2fa')]
  258.     public function twoFactor(Request $requestSecurity $securityTwoFactorAuthService $twoFactorAuthServiceSessionInterface $session): Response
  259.     {
  260.         /** @var User $user */
  261.         $user $security->getUser();
  263.         if (!$user) {
  264.             return $this->redirectToRoute('app_login');
  265.         }
  267.         // si 2FA désactivée ou déjà validée → on rebondit
  268.         if (!$user->isTwoFactorEnabled() || $session->get('2fa_verified'false)) {
  269.             $route \array_intersect(['ROLE_ADMIN','ROLE_SCIENTIFIC_ADMIN'], $user->getRoles()) ? 'admin' 'dashboard';
  270.             return $this->redirectToRoute($route);
  271.         }
  273.         if ($request->isMethod('POST')) {
  274.             $code $request->request->get('code');
  275.             $expiresAt $user->getTwoFactorExpiresAt();
  277.             if ($user->getTwoFactorCode() === $code && $expiresAt > new \DateTime()) {
  278.                 $session->set('2fa_verified'true);
  279.                 $twoFactorAuthService->clear($user);
  281.                 if (in_array('ROLE_ADMIN'$user->getRoles(), true)) {
  282.                     return $this->redirectToRoute('admin'); 
  283.                 }
  284.                 return $this->redirectToRoute('dashboard'); 
  285.             }
  287.             $this->addFlash('danger''Code invalide ou expiré');
  288.         }
  290.         return $this->render('security/2fa.html.twig');
  291.     }
  292. }