vendor/sylius/sylius/src/Sylius/Bundle/UserBundle/Controller/UserController.php line 250

Open in your IDE?
  1. <?php
  3. /*
  4.  * This file is part of the Sylius package.
  5.  *
  6.  * (c) Paweł Jędrzejewski
  7.  *
  8.  * For the full copyright and license information, please view the LICENSE
  9.  * file that was distributed with this source code.
  10.  */
  12. declare(strict_types=1);
  14. namespace Sylius\Bundle\UserBundle\Controller;
  16. use FOS\RestBundle\View\View;
  17. use Sylius\Bundle\ResourceBundle\Controller\RequestConfiguration;
  18. use Sylius\Bundle\ResourceBundle\Controller\ResourceController;
  19. use Sylius\Bundle\UserBundle\Form\Model\ChangePassword;
  20. use Sylius\Bundle\UserBundle\Form\Model\PasswordReset;
  21. use Sylius\Bundle\UserBundle\Form\Model\PasswordResetRequest;
  22. use Sylius\Bundle\UserBundle\Form\Type\UserChangePasswordType;
  23. use Sylius\Bundle\UserBundle\Form\Type\UserRequestPasswordResetType;
  24. use Sylius\Bundle\UserBundle\Form\Type\UserResetPasswordType;
  25. use Sylius\Bundle\UserBundle\UserEvents;
  26. use Sylius\Component\User\Model\UserInterface;
  27. use Sylius\Component\User\Repository\UserRepositoryInterface;
  28. use Sylius\Component\User\Security\Generator\GeneratorInterface;
  29. use Symfony\Component\EventDispatcher\GenericEvent;
  30. use Symfony\Component\Form\FormInterface;
  31. use Symfony\Component\HttpFoundation\RedirectResponse;
  32. use Symfony\Component\HttpFoundation\Request;
  33. use Symfony\Component\HttpFoundation\Response;
  34. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  35. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  36. use Webmozart\Assert\Assert;
  38. class UserController extends ResourceController
  39. {
  40.     public function changePasswordAction(Request $request): Response
  41.     {
  42.         $configuration $this->requestConfigurationFactory->create($this->metadata$request);
  44.         if (!$this->container->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
  45.             throw new AccessDeniedException('You have to be registered user to access this section.');
  46.         }
  48.         $user $this->container->get('security.token_storage')->getToken()->getUser();
  50.         $changePassword = new ChangePassword();
  51.         $formType $this->getSyliusAttribute($request'form'UserChangePasswordType::class);
  52.         $form $this->createResourceForm($configuration$formType$changePassword);
  54.         if (in_array($request->getMethod(), ['POST''PUT''PATCH'], true) && $form->handleRequest($request)->isValid()) {
  55.             return $this->handleChangePassword($request$configuration$user$changePassword->getNewPassword());
  56.         }
  58.         if (!$configuration->isHtmlRequest()) {
  59.             return $this->viewHandler->handle($configurationView::create($formResponse::HTTP_BAD_REQUEST));
  60.         }
  62.         return new Response($this->container->get('twig')->render(
  63.             $configuration->getTemplate('changePassword.html'),
  64.             ['form' => $form->createView()],
  65.         ));
  66.     }
  68.     public function requestPasswordResetTokenAction(Request $request): Response
  69.     {
  70.         /** @var GeneratorInterface $generator */
  71.         $generator $this->container->get(sprintf('sylius.%s.token_generator.password_reset'$this->metadata->getName()));
  73.         return $this->prepareResetPasswordRequest($request$generatorUserEvents::REQUEST_RESET_PASSWORD_TOKEN);
  74.     }
  76.     public function requestPasswordResetPinAction(Request $request): Response
  77.     {
  78.         /** @var GeneratorInterface $generator */
  79.         $generator $this->container->get(sprintf('sylius.%s.pin_generator.password_reset'$this->metadata->getName()));
  81.         return $this->prepareResetPasswordRequest($request$generatorUserEvents::REQUEST_RESET_PASSWORD_PIN);
  82.     }
  84.     public function resetPasswordAction(Request $requeststring $token): Response
  85.     {
  86.         $configuration $this->requestConfigurationFactory->create($this->metadata$request);
  87.         /** @var UserInterface|null $user */
  88.         $user $this->repository->findOneBy(['passwordResetToken' => $token]);
  89.         if (null === $user) {
  90.             throw new NotFoundHttpException('Token not found.');
  91.         }
  93.         $resetting $this->metadata->getParameter('resetting');
  94.         $lifetime = new \DateInterval($resetting['token']['ttl']);
  95.         if (!$user->isPasswordRequestNonExpired($lifetime)) {
  96.             return $this->handleExpiredToken($request$configuration$user);
  97.         }
  99.         $passwordReset = new PasswordReset();
  100.         $formType $this->getSyliusAttribute($request'form'UserResetPasswordType::class);
  101.         $form $this->createResourceForm($configuration$formType$passwordReset);
  103.         if (in_array($request->getMethod(), ['POST''PUT''PATCH'], true) && $form->handleRequest($request)->isValid()) {
  104.             return $this->handleResetPassword($request$configuration$user$passwordReset->getPassword());
  105.         }
  107.         if (!$configuration->isHtmlRequest()) {
  108.             return $this->viewHandler->handle($configurationView::create($formResponse::HTTP_BAD_REQUEST));
  109.         }
  111.         return new Response($this->container->get('twig')->render(
  112.             $configuration->getTemplate('resetPassword.html'),
  113.             [
  114.                 'form' => $form->createView(),
  115.                 'user' => $user,
  116.             ],
  117.         ));
  118.     }
  120.     public function verifyAction(Request $requeststring $token): Response
  121.     {
  122.         $configuration $this->requestConfigurationFactory->create($this->metadata$request);
  123.         $redirectRoute $this->getSyliusAttribute($request'redirect'null);
  125.         $response $this->redirectToRoute($redirectRoute);
  127.         /** @var UserInterface|null $user */
  128.         $user $this->repository->findOneBy(['emailVerificationToken' => $token]);
  129.         if (null === $user) {
  130.             if (!$configuration->isHtmlRequest()) {
  131.                 return $this->viewHandler->handle($configurationView::create($configurationResponse::HTTP_BAD_REQUEST));
  132.             }
  134.             $this->addTranslatedFlash('error''sylius.user.verify_email_by_invalid_token');
  136.             return $this->redirectToRoute($redirectRoute);
  137.         }
  139.         $user->setVerifiedAt(new \DateTime());
  140.         $user->setEmailVerificationToken(null);
  141.         $user->enable();
  143.         $eventDispatcher $this->container->get('event_dispatcher');
  144.         $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_EMAIL_VERIFICATION);
  146.         $this->manager->flush();
  148.         $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::POST_EMAIL_VERIFICATION);
  150.         if (!$configuration->isHtmlRequest()) {
  151.             return $this->viewHandler->handle($configurationView::create($user));
  152.         }
  154.         $flashMessage $this->getSyliusAttribute($request'flash''sylius.user.verify_email');
  155.         $this->addTranslatedFlash('success'$flashMessage);
  157.         return $response;
  158.     }
  160.     public function requestVerificationTokenAction(Request $request): Response
  161.     {
  162.         $configuration $this->requestConfigurationFactory->create($this->metadata$request);
  163.         $redirectRoute $this->getSyliusAttribute($request'redirect''referer');
  165.         $user $this->getUser();
  166.         if (null === $user) {
  167.             if (!$configuration->isHtmlRequest()) {
  168.                 return $this->viewHandler->handle($configurationView::create($configurationResponse::HTTP_UNAUTHORIZED));
  169.             }
  171.             $this->addTranslatedFlash('notice''sylius.user.verify_no_user');
  173.             return $this->redirectHandler->redirectToRoute($configuration$redirectRoute);
  174.         }
  176.         if (null !== $user->getVerifiedAt()) {
  177.             if (!$configuration->isHtmlRequest()) {
  178.                 return $this->viewHandler->handle($configurationView::create($configurationResponse::HTTP_BAD_REQUEST));
  179.             }
  181.             $this->addTranslatedFlash('notice''sylius.user.verify_verified_email');
  183.             return $this->redirectHandler->redirectToRoute($configuration$redirectRoute);
  184.         }
  186.         /** @var GeneratorInterface $tokenGenerator */
  187.         $tokenGenerator $this->container->get(sprintf('sylius.%s.token_generator.email_verification'$this->metadata->getName()));
  188.         $user->setEmailVerificationToken($tokenGenerator->generate());
  190.         $this->manager->flush();
  192.         $eventDispatcher $this->container->get('event_dispatcher');
  193.         $eventDispatcher->dispatch(new GenericEvent($user), UserEvents::REQUEST_VERIFICATION_TOKEN);
  195.         if (!$configuration->isHtmlRequest()) {
  196.             return $this->viewHandler->handle($configurationView::create(nullResponse::HTTP_NO_CONTENT));
  197.         }
  199.         $this->addTranslatedFlash('success''sylius.user.verify_email_request');
  201.         return $this->redirectHandler->redirectToRoute($configuration$redirectRoute);
  202.     }
  204.     protected function prepareResetPasswordRequest(Request $requestGeneratorInterface $generatorstring $senderEvent): Response
  205.     {
  206.         $configuration $this->requestConfigurationFactory->create($this->metadata$request);
  208.         $passwordReset = new PasswordResetRequest();
  209.         $formType $this->getSyliusAttribute($request'form'UserRequestPasswordResetType::class);
  210.         $form $this->createResourceForm($configuration$formType$passwordReset);
  211.         $template $this->getSyliusAttribute($request'template'null);
  212.         if ($configuration->isHtmlRequest()) {
  213.             Assert::notNull($template'Template is not configured.');
  214.         }
  216.         if (in_array($request->getMethod(), ['POST''PUT''PATCH'], true) && $form->handleRequest($request)->isValid()) {
  217.             $userRepository $this->repository;
  219.             /** @var UserRepositoryInterface $userRepository */
  220.             Assert::isInstanceOf($userRepositoryUserRepositoryInterface::class);
  222.             $user $userRepository->findOneByEmail($passwordReset->getEmail());
  223.             if (null !== $user) {
  224.                 $this->handleResetPasswordRequest($generator$user$senderEvent);
  225.             }
  227.             if (!$configuration->isHtmlRequest()) {
  228.                 return $this->viewHandler->handle($configurationView::create(nullResponse::HTTP_NO_CONTENT));
  229.             }
  231.             $this->addTranslatedFlash('success''sylius.user.reset_password_request');
  232.             $redirectRoute $this->getSyliusAttribute($request'redirect'null);
  233.             Assert::notNull($redirectRoute'Redirect is not configured.');
  235.             if (is_array($redirectRoute)) {
  236.                 return $this->redirectHandler->redirectToRoute(
  237.                     $configuration,
  238.                     $configuration->getParameters()->get('redirect')['route'],
  239.                     $configuration->getParameters()->get('redirect')['parameters'],
  240.                 );
  241.             }
  243.             return $this->redirectHandler->redirectToRoute($configuration$redirectRoute);
  244.         }
  246.         if (!$configuration->isHtmlRequest()) {
  247.             return $this->viewHandler->handle($configurationView::create($formResponse::HTTP_BAD_REQUEST));
  248.         }
  250.         return new Response($this->container->get('twig')->render(
  251.             $template,
  252.             [
  253.                 'form' => $form->createView(),
  254.             ],
  255.         ));
  256.     }
  258.     protected function addTranslatedFlash(string $typestring $message): void
  259.     {
  260.         $translator $this->container->get('translator');
  261.         $this->container->get('session')->getFlashBag()->add($type$translator->trans($message, [], 'flashes'));
  262.     }
  264.     /**
  265.      * @param object $object
  266.      */
  267.     protected function createResourceForm(
  268.         RequestConfiguration $configuration,
  269.         string $type,
  270.         $object,
  271.     ): FormInterface {
  272.         if (!$configuration->isHtmlRequest()) {
  273.             return $this->container->get('form.factory')->createNamed(''$type$object, ['csrf_protection' => false]);
  274.         }
  276.         return $this->container->get('form.factory')->create($type$object);
  277.     }
  279.     protected function handleExpiredToken(Request $requestRequestConfiguration $configurationUserInterface $user): Response
  280.     {
  281.         $user->setPasswordResetToken(null);
  282.         $user->setPasswordRequestedAt(null);
  284.         $this->manager->flush();
  286.         if (!$configuration->isHtmlRequest()) {
  287.             return $this->viewHandler->handle($configurationView::create($userResponse::HTTP_BAD_REQUEST));
  288.         }
  290.         $this->addTranslatedFlash('error''sylius.user.expire_password_reset_token');
  292.         $redirectRouteName $this->getSyliusAttribute($request'redirect'null);
  293.         Assert::notNull($redirectRouteName'Redirect is not configured.');
  295.         return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  296.     }
  298.     protected function handleResetPasswordRequest(
  299.         GeneratorInterface $generator,
  300.         UserInterface $user,
  301.         string $senderEvent,
  302.     ): void {
  303.         $user->setPasswordResetToken($generator->generate());
  304.         $user->setPasswordRequestedAt(new \DateTime());
  306.         // I have to use doctrine manager directly, because domain manager functions add a flash messages. I can't get rid of them.
  307.         $manager $this->container->get('doctrine.orm.default_entity_manager');
  308.         $manager->persist($user);
  309.         $manager->flush();
  311.         $dispatcher $this->container->get('event_dispatcher');
  312.         $dispatcher->dispatch(new GenericEvent($user), $senderEvent);
  313.     }
  315.     protected function handleResetPassword(
  316.         Request $request,
  317.         RequestConfiguration $configuration,
  318.         UserInterface $user,
  319.         string $newPassword,
  320.     ): Response {
  321.         $user->setPlainPassword($newPassword);
  322.         $user->setPasswordResetToken(null);
  323.         $user->setPasswordRequestedAt(null);
  325.         $dispatcher $this->container->get('event_dispatcher');
  326.         $dispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_PASSWORD_RESET);
  328.         $this->manager->flush();
  329.         $this->addTranslatedFlash('success''sylius.user.reset_password');
  331.         $dispatcher->dispatch(new GenericEvent($user), UserEvents::POST_PASSWORD_RESET);
  333.         if (!$configuration->isHtmlRequest()) {
  334.             return $this->viewHandler->handle($configurationView::create(nullResponse::HTTP_NO_CONTENT));
  335.         }
  337.         $redirectRouteName $this->getSyliusAttribute($request'redirect'null);
  338.         Assert::notNull($redirectRouteName'Redirect is not configured.');
  340.         return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  341.     }
  343.     protected function handleChangePassword(
  344.         Request $request,
  345.         RequestConfiguration $configuration,
  346.         UserInterface $user,
  347.         string $newPassword,
  348.     ): Response {
  349.         $user->setPlainPassword($newPassword);
  351.         $dispatcher $this->container->get('event_dispatcher');
  352.         $dispatcher->dispatch(new GenericEvent($user), UserEvents::PRE_PASSWORD_CHANGE);
  354.         $this->manager->flush();
  355.         $this->addTranslatedFlash('success''sylius.user.change_password');
  357.         $dispatcher->dispatch(new GenericEvent($user), UserEvents::POST_PASSWORD_CHANGE);
  359.         if (!$configuration->isHtmlRequest()) {
  360.             return $this->viewHandler->handle($configurationView::create(nullResponse::HTTP_NO_CONTENT));
  361.         }
  363.         $redirectRouteName $this->getSyliusAttribute($request'redirect'null);
  364.         Assert::notNull($redirectRouteName'Redirect is not configured.');
  366.         return new RedirectResponse($this->container->get('router')->generate($redirectRouteName));
  367.     }
  369.     protected function getUser(): ?UserInterface
  370.     {
  371.         $user parent::getUser();
  372.         $authorizationChecker $this->container->get('security.authorization_checker');
  374.         if (
  375.             $authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED') &&
  376.             $user instanceof UserInterface
  377.         ) {
  378.             return $user;
  379.         }
  381.         return null;
  382.     }
  384.     private function getSyliusAttribute(Request $requeststring $attribute$default null)
  385.     {
  386.         $attributes $request->attributes->get('_sylius');
  388.         return $attributes[$attribute] ?? $default;
  389.     }
  390. }