src/Controller/AuthController.php line 67

Open in your IDE?
  1. <?php
  2. declare(strict_types=1);
  4. namespace App\Controller;
  6. use App\Logger\Log;
  7. use App\Form\AuthForm;
  8. use App\Entity\BaseAuth;
  9. use App\Form\CommonForm;
  10. use App\Service\AuthService;
  11. use App\Service\FileService;
  12. use App\Service\EmailService;
  13. use App\Service\IAuthService;
  14. use App\Service\IEmailService;
  15. use App\Service\OptionService;
  16. use App\Service\SchoolService;
  17. use App\Service\IOptionService;
  18. use Symfony\Component\Asset\Packages;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Symfony\Component\HttpFoundation\Request;
  21. use Symfony\Component\Security\Core\Security;
  22. use Symfony\Component\HttpFoundation\Response;
  23. use Symfony\Component\Security\Csrf\CsrfToken;
  24. use Symfony\Component\Routing\Annotation\Route;
  25. use Symfony\Component\HttpFoundation\JsonResponse;
  26. use Symfony\Contracts\Translation\TranslatorInterface;
  27. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  28. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  30. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  32. class AuthController extends BaseController
  33. {
  34.     private AuthForm $authForm;
  35.     
  36.     public function __construct(
  37.         AuthForm $authForm,
  38.         AuthService $authService,
  39.         EmailService $notifyService,
  40.         OptionService $optionService,
  41.         SchoolService $schoolService,
  42.         Security $security,
  43.         FileService $fileService,
  44.         SessionInterface $session,
  45.         Packages $assetsManager,
  46.         TranslatorInterface $translator,
  47.         Log $log
  48.     ) {
  49.         parent::__construct(
  50.             $authService,
  51.             $notifyService,
  52.             $optionService,
  53.             $fileService,
  54.             $session,
  55.             $assetsManager,
  56.             $translator,
  57.             $log,
  58.             $security,
  59.             $schoolService
  60.         );
  61.         $this->authForm $authForm;
  62.     }
  64.     /**
  65.      * @Route("/login", name="auth_signin")
  66.      */
  67.     public function signIn(Request $requestAuthenticationUtils $authenticationUtilsParameterBagInterface $parameter): Response
  68.     {
  69.         $lastUserName $authenticationUtils->getLastUsername();
  70.         $lastError $authenticationUtils->getLastAuthenticationError();
  71.         
  72.         $view ='auth/sign_in.html.twig';
  73.         if($parameter->get('app.user') == IAuthService::ROLE_FAMILY){
  74.             $view ='auth/sign_family.html.twig';
  75.         }
  76.         return $this->render($view, [
  77.             'lastUser' => $lastUserName,
  78.             'lastError' => $lastError,
  79.             'env' => $parameter->get('app.env')
  80.         ]);
  81.     }
  83.     /**
  84.      * @Route("/forgot", name="auth_forgot_password")
  85.      */
  86.     public function forgotPassword(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  87.     {
  88.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  89.             $token = new CsrfToken('form_forgot_password'$request->request->get('token'));
  90.             if ($csrfTokenManager->isTokenValid($token)) {
  91.                 $result $this->authForm->checkForgot($request$this->session);
  92.                 if ($result instanceof BaseAuth) {
  93.                     $this->notifyService->sendMail(
  94.                         $this->translator->trans('activation_code'),
  95.                         'forgot_password',
  96.                         [
  97.                             'email' => $result->getEmail(),
  98.                             'data' => [
  99.                                 'fullname' => $result->getFullName(),
  100.                                 'code' => $result->getValidationCode(),
  101.                                 'time_elapsed' => IOptionService::MAX_ACCOUNT_ACTIVATION_TIME,
  102.                                 'app_url' => IOptionService::BASE_URL,
  103.                                 'support_mail' => IEmailService::SUPPORT,
  104.                                 'logo' => IOptionService::CDN_LOGO,
  105.                                 'favicon' => IOptionService::CDN_FAVICON,
  106.                             ],
  107.                         ]
  108.                     );
  109.                     return new JsonResponse(null200);
  111.                 } else if(is_array($result)){
  112.                     return new JsonResponse($result400);
  113.                 }
  114.                 return new JsonResponse(null200);
  115.             }
  116.             return new JsonResponse(null200);
  117.         }
  119.         return $this->render('auth/forgot_password.html.twig');
  120.     }
  122.     /**
  123.      * @Route("/activation", name="auth_activation")
  124.      */
  125.     public function activation(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  126.     {
  127.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  128.         if (null == $account || !in_array($account['step'], ['signin_staff_activation''signup_activation''forgot_activation''signin_activation'])) {
  129.             $this->log->writeLog(
  130.                 [
  131.                     IOptionService::KEY_CLASS => get_class($this),
  132.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  133.                     IOptionService::KEY_URL => $request->getRequestUri(),
  134.                     IOptionService::KEY_ACCOUNT => 'UNKNOWN',
  135.                     IOptionService::KEY_MESSAGE => 'activation url error not in array',
  136.                     IOptionService::KEY_CATEGORY => 'HACK',
  137.                 ],
  138.                 Log::MESSAGE_ERROR
  139.             );
  140.             $this->session->invalidate();
  141.             return $this->redirectToRoute('auth_signout');
  142.         }
  144.         $referer $request->headers->get("referer"); // get the referer, it can be empty!
  145.         if (!\is_string($referer) || !$referer) {
  146.             $this->log->writeLog(
  147.                 [
  148.                     IOptionService::KEY_CLASS => get_class($this),
  149.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  150.                     IOptionService::KEY_URL => $request->getRequestUri(),
  151.                     IOptionService::KEY_ACCOUNT => $account["email"],
  152.                     IOptionService::KEY_MESSAGE => "activation with no referrer",
  153.                     IOptionService::KEY_CATEGORY => "HACK"
  154.                 ],
  155.                 Log::MESSAGE_ERROR
  156.             );
  157.             $this->session->invalidate();
  158.             return $this->redirectToRoute("auth_signout");
  159.         }
  161.         $title $message $step null;
  162.         if ('signin_activation' == $account['step']) {
  163.             $title $this->translator->trans('activation_code');
  164.             $message $this->translator->trans('signup_activation_code_info1');
  165.             $step 'signin_activation';
  166.         } elseif ('forgot_activation' == $account['step']) {
  167.             $title $this->translator->trans('activation_code');
  168.             $message $this->translator->trans('forgot_activation_code_info2', ['%0%' => CommonForm::maskEmail($account['email'])]);
  169.             $step 'forgot_activation';
  170.         }
  171.         if ($request->isMethod("POST") && $request->isXmlHttpRequest()) {
  172.             $token = new CsrfToken("activation_form"$request->request->get("token"));
  173.             if ($csrfTokenManager->isTokenValid($token)) {
  174.                 $jsonData $this->authForm->checkActivation($request$this->session$this->log$this->getUser());
  175.                 if ($jsonData != null) {
  176.                     if ($account["step"] == "signin_activation") {
  177.                         if ($jsonData == IOptionService::RESPONSE_AUTH) {
  178.                             //clean session
  179.                             $this->session->remove(IOptionService::SESSION_ACCOUNT);
  180.                             //create new session file
  181.                             $this->fileService->createSessionFile(
  182.                                 "app.connection_dir",
  183.                                 $account["email"],
  184.                                 $request->getSession()->getId(),
  185.                                 (new \DateTime())->format("Y-m-d")
  186.                             );
  187.                         }
  188.                         return new JsonResponse($jsonData200);
  189.                     }
  190.                     if ($account["step"] == "forgot_activation") {
  191.                         return new JsonResponse($jsonData200);
  192.                     }
  193.                 }
  194.             }
  195.             return new JsonResponse($this->translator->trans('wrong_activation_code'), 200);
  196.         }
  197.         return $this->render(
  198.             "auth/activation.html.twig",
  199.             [
  200.                 "title" => $title,
  201.                 "message" => $message,
  202.                 "step" => $step
  203.             ]
  204.         );
  205.     }
  207.     /**
  208.      * @Route("/resend-activation-code", name="auth_resent_activation_code")
  209.      */
  210.     public function resendActivationCode(Request $requestEntityManagerInterface $manager): Response
  211.     {
  212.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  213.         if (null == $account || !in_array($account['step'], ['signin_staff_activation''signup_activation''forgot_activation''signin_activation'])) {
  214.             $this->log->writeLog(
  215.                 [
  216.                     IOptionService::KEY_CLASS => get_class($this),
  217.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  218.                     IOptionService::KEY_URL => $request->getRequestUri(),
  219.                     IOptionService::KEY_ACCOUNT => 'UNKNOWN',
  220.                     IOptionService::KEY_MESSAGE => 'activation url error not in array',
  221.                     IOptionService::KEY_CATEGORY => 'HACK',
  222.                 ],
  223.                 Log::MESSAGE_ERROR
  224.             );
  225.             $this->session->invalidate();
  226.             return new JsonResponse(['redirect' => $this->generateUrl('auth_signout')], 400);
  227.         }
  228.         $referer $request->headers->get("referer"); // get the referer, it can be empty!
  229.         if (!\is_string($referer) || !$referer) {
  230.             $this->log->writeLog(
  231.                 [
  232.                     IOptionService::KEY_CLASS => get_class($this),
  233.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  234.                     IOptionService::KEY_URL => $request->getRequestUri(),
  235.                     IOptionService::KEY_ACCOUNT => $account["email"],
  236.                     IOptionService::KEY_MESSAGE => "activation with no referrer",
  237.                     IOptionService::KEY_CATEGORY => "HACK"
  238.                 ],
  239.                 Log::MESSAGE_ERROR
  240.             );
  241.             $this->session->invalidate();
  242.             return new JsonResponse(['redirect' => $this->generateUrl('auth_signout')], 400);
  243.         }
  244.         try {
  245.             // Generate activation code
  246.             $activationCode null;
  247.             $page 'signin_activation' == $account['step'] ? IAuthService::ACTIVATION IAuthService::RESET;
  248.             $findUser $this->authService->signInUser($account['email'], null);
  249.             if (!empty($findUser)) {
  250.                 $activationCode CommonForm::generateCode(6true);
  251.                 $findUser->setValidationCode($activationCode);
  252.                 $findUser->setValidationPage($page);
  253.                 $findUser->setValidationDate(new \DateTime('now'));
  254.               
  255.                 $manager->persist($findUser);
  256.                 $manager->flush();
  258.                 $account['activation'] = $activationCode;
  259.                 $account['created'] = new \DateTime('now');
  261.                 $this->session->set(IOptionService::SESSION_ACCOUNT$account);
  262.                 $this->notifyService->sendMail(
  263.                     $this->translator->trans('request_activation_code'),
  264.                     'request_activation_code',
  265.                     [
  266.                         'email' => $findUser->getEmail(),
  267.                         'data' => [
  268.                             'fullname' => $findUser->getFullName(),
  269.                             'code' => $account['activation'],
  270.                             'time_elapsed' => IOptionService::MAX_ACCOUNT_ACTIVATION_TIME,
  271.                             'app_url' => IOptionService::BASE_URL,
  272.                             'support_mail' => IEmailService::SUPPORT,
  273.                             'logo' => IOptionService::CDN_LOGO,
  274.                             'favicon' => IOptionService::CDN_FAVICON,
  275.                         ],
  276.                     ]
  277.                 );
  278.                 $this->log->writeLog(
  279.                     [
  280.                         IOptionService::KEY_CLASS => get_class($this),
  281.                         IOptionService::KEY_FUNCTION => __FUNCTION__,
  282.                         IOptionService::KEY_URL => $request->getRequestUri(),
  283.                         IOptionService::KEY_MESSAGE => 'User ask again activation code success'.$findUser->getGuid(),
  284.                     ],
  285.                     Log::MESSAGE_ERROR
  286.                 );
  287.                 return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  288.             }
  289.             $this->log->writeLog(
  290.                 [
  291.                     IOptionService::KEY_CLASS => get_class($this),
  292.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  293.                     IOptionService::KEY_URL => $request->getRequestUri(),
  294.                     IOptionService::KEY_ACCOUNT => 'UNKNOWN',
  295.                     IOptionService::KEY_MESSAGE => 'account not found',
  296.                     IOptionService::KEY_CATEGORY => 'HACK',
  297.                 ],
  298.                 Log::MESSAGE_ERROR
  299.             );
  300.             return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  301.         } catch (\Exception $e) {
  302.             $this->log->writeLog(
  303.                 [
  304.                     IOptionService::KEY_CLASS => get_class($this),
  305.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  306.                     IOptionService::KEY_URL => $request->getRequestUri(),
  307.                     IOptionService::KEY_MESSAGE => 'User ask again activation code failed'.$account['email'],
  308.                 ],
  309.                 Log::MESSAGE_ERROR
  310.             );
  311.             return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  312.         }
  313.     }
  315.     /**
  316.      * @Route("/reset-password", name="auth_reset_password")
  317.      */
  318.     public function resetPassword(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  319.     {
  320.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  321.         if (empty($account)) {
  322.             return $this->redirectToRoute('auth_signin');
  323.         }
  324.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  325.             $token = new CsrfToken('reset_form'$request->request->get('token'));
  326.             if ($csrfTokenManager->isTokenValid($token)) {
  327.                 $result $this->authForm->checkReset($request$this->session);
  328.                 if ($result instanceof BaseAuth) {
  329.                     // clean session
  330.                     $this->session->remove(IOptionService::SESSION_ACCOUNT);
  331.                     // delete blacklist file
  332.                     $this->fileService->deleteFile($this->getParameter('app.blacklist_dir').DIRECTORY_SEPARATOR.$result->getEmail().'.log');
  333.                     return new JsonResponse(null200);
  334.                 }
  335.                 if ('fake_email' == $result) {
  336.                     return new JsonResponse(null200);
  337.                 }
  338.                 return new JsonResponse(null200);
  339.             }
  340.             return new JsonResponse(null200);
  341.         }
  342.         return $this->render('auth/reset.html.twig');
  343.     }
  345.     /**
  346.      * @Route("/validate-account/{tid}", name="auth_validate_account")
  347.      */
  348.     public function validate(Request $requestCsrfTokenManagerInterface $csrfTokenManager, ?bool $profileId false): Response
  349.     {
  350.         if ($this->fileService->countLinesInFile($this->getParameter('app.blacklist_dir').DIRECTORY_SEPARATOR.CommonForm::getAddressIp($request->getClientIp())) >= 3) {
  351.             return $this->render('error/error.html.twig', ['url' => IOptionService::BASE_URL]);
  352.         }
  353.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  354.             $token = new CsrfToken('validate_account'$request->request->get('token'));
  355.             if ($csrfTokenManager->isTokenValid($token)) {
  356.                 $response $this->authForm->checkValidateAccount($request);
  357.                 if (empty($response)) {
  358.                     $this->session->invalidate();
  359.                     return new JsonResponse([[
  360.                         'message' => $this->translator->trans('account_validation_success'),
  361.                         'redirect' => $this->generateUrl('auth_signin'),],
  362.                     ], 200);
  363.                 }
  364.                 return new JsonResponse([['message' => $response,],], 400);
  365.             }
  366.             return new JsonResponse([[
  367.                 'message' => $this->translator->trans('account_validation_success'),
  368.                 'redirect' => $this->generateUrl('auth_signin'),],
  369.             ], 200);
  370.         }
  371.         $findUser $this->authService->loadUserByValidationCode($request->attributes->get('tid'));
  372.         if(empty($findUser) ||  ($findUser instanceof  BaseAuth  && ($findUser->getStatus() != IOptionService::STATUS_PENDING))) {
  373.             // write in blacklist file
  374.             $this->fileService->appendFile(
  375.                 "app.blacklist_dir",
  376.                 CommonForm::getAddressIp($request->getClientIp()),
  377.                 "date=" . (new \DateTime())->format("Y-m-d H:i:s") . "|ip=" CommonForm::getAddressIp($request->getClientIp()) . "|page=CREATE_ACCOUNT|user-agent=" $request->headers->get("user-agent") . PHP_EOL
  378.             );
  379.             $this->log->writeLog(
  380.                 [
  381.                     IOptionService::KEY_CLASS => get_class($this),
  382.                     IOptionService::KEY_FUNCTION => __FUNCTION__,
  383.                     IOptionService::KEY_URL => $request->getRequestUri(),
  384.                     IOptionService::KEY_MESSAGE => "invalid request: attempt to get new account",
  385.                     IOptionService::KEY_CATEGORY => "HACK"
  386.                 ],
  387.                 Log::MESSAGE_ERROR
  388.             );
  389.             return $this->render("error/error.html.twig", ["url" => IOptionService::BASE_URL]);
  390.         }
  392.         return $this->render('auth/validate_account.html.twig', [
  393.             'entity' => $findUser,
  394.             'tid' => $request->attributes->get('tid'),
  395.         ]);
  396.     }
  398.     /**
  399.      * @Route("/signout", name="auth_signout")
  400.      */
  401.     public function signout(Request $request): Response
  402.     {
  403.         $request->getSession()->invalidate(1);
  404.         $request->getSession()->clear();
  405.         return $this->redirectToRoute('auth_signin');
  406.     }
  407. }