src/Controller/SecurityController.php line 89

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Constant\UserStatus;
  6. use App\Entity\User;
  7. use App\Services\HashGenerator;
  8. use App\Services\Mailer;
  9. use Doctrine\Persistence\ManagerRegistry;
  10. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  11. use Symfony\Component\HttpFoundation\Request;
  12. use Symfony\Component\HttpFoundation\Response;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  15. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  16. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  19. class SecurityController extends AbstractController
  20. {
  23.     private $doctrine;
  24.     private $hashGenerator;
  25.     private $mailer;
  26.     private $passwordEncoder;
  28.     public function __construct(ManagerRegistry $doctrineHashGenerator $hashGeneratorMailer $mailerUserPasswordHasherInterface $passwordEncoder){
  30.         $this->doctrine $doctrine;
  31.         $this->hashGenerator $hashGenerator;
  32.         $this->mailer $mailer;
  33.         $this->passwordEncoder $passwordEncoder;
  34.     }
  36.     /**
  37.      * @Route("/", name="login")
  38.      */
  39.     public function login(AuthenticationUtils $authenticationUtils)
  40.     {
  42.         // redirect if already logged
  43.         if ($this->getUser()) {
  45.             $userRoles $this->getUser()->getRoles();
  47.             if (in_array("ROLE_SUPER_ADMIN"$userRoles) || in_array("ROLE_ADMIN"$userRoles)){
  48.                 return $this->redirectToRoute('admin_dashboard');
  49.             }
  51.             if (in_array("ROLE_PARTNER"$userRoles)){
  52.                 return $this->redirectToRoute('partner_dashboard');
  53.             }
  55.             if (in_array("ROLE_CUSTOMER"$userRoles)){
  56.                 return $this->redirectToRoute('account_projects', ['accountId' => $this->getUser()->getMembership()->getAccount()->getId()]);
  57.             }
  58.         }
  60.         $error $authenticationUtils->getLastAuthenticationError();
  61.         $lastEmail $authenticationUtils->getLastUsername();
  63.         return $this->render('security/login.html.twig', [
  64.             'title' => "Log in",
  65.             'last_email' => $lastEmail,
  66.             'error' => $error,
  67.             'type' => 'admin'
  68.         ]);
  69.     }
  71.     /**
  72.      * @Route("/logout", name="logout")
  73.      */
  74.     public function logout()
  75.     {
  76.     }
  79.     /**
  80.      * @Route("/access-denied", name="access_denied")
  81.      */
  82.     public function accessDenied(): Response {
  83.         return $this->render('security/access-denied.html.twig');
  84.     }
  86.     /**
  87.      * @Route("/forgot-password", name="forgot_password")
  88.      */
  89.     public function forgotPassword(): Response {
  91.         $error '';
  92.         $message '';
  93.         $email '';
  95.         if ($_POST) {
  97.             $email $_POST['email'];
  98.             $repository $this->doctrine->getRepository(User::class);
  99.             $user $repository->findOneBy(['email' => $_POST['email']]);
  101.             if ($user){
  103.                 $userStatus = new UserStatus();
  104.                 $statusSuspended $userStatus->getUserStatusId('Suspended');
  106.                 if ($user->getStatus() == $statusSuspended) {
  108.                     $error 'Your user account has been suspended.';
  110.                 } else {
  112.                     $lastTokenCreated $user->getTokenCreatedAt();
  113.                     $dateValid = (new \DateTime("now"))->modify('-1 hour');
  115.                     if ($lastTokenCreated && $lastTokenCreated $dateValid){
  117.                         $error 'We already received your request. Check your email or try again later.';
  119.                     } else {
  121.                         $token $this->hashGenerator->uuid4();
  122.                         $user->setToken($token);
  123.                         $user->setTokenCreatedAt(new \DateTime());
  125.                         $em $this->doctrine->getManager();
  126.                         $em->persist($user);
  127.                         $em->flush();
  129.                         $url $this->generateUrl('reset_password',
  130.                             array('token' => $token),
  131.                             UrlGeneratorInterface::ABSOLUTE_URL
  132.                         );
  134.                         $context = [
  135.                             'user_email' => $user->getEmail(),
  136.                             'url' => $url
  137.                         ];
  139.                         $to $user->getEmail();
  140.                         $subject 'Reset Your Password.';
  141.                         $type 'reset_password';
  143.                         $this->mailer->sendTemplatedMail($to$subject$type$context);
  145.                         $message 'Request for password reset sent successfully. Check your email for further instructions.';
  146.                         $email '';
  147.                     }
  148.                 }
  149.             } else {
  150.                 $error 'User not found';
  151.             }
  153.         }
  155.         return $this->render('security/forgot-password.html.twig', [
  156.             'title' => "Forgot password",
  157.             'last_email' => $email,
  158.             'error' => $error,
  159.             'message' => $message
  160.         ]);
  161.     }
  164.     /**
  165.      * @Route("/reset-password/{token}", name="reset_password")
  166.      */
  167.     public function resetPassword($token)
  168.     {
  170.         $error '';
  171.         $message '';
  173.         $repository $this->doctrine->getRepository(User::class);
  174.         $user $repository->findOneBy(['token' => $token]);
  176.         $userStatus = new UserStatus();
  177.         $statusSuspended $userStatus->getUserStatusId('Suspended');
  179.         if (!$user) {
  181.             $error 'Your request has been expired.';
  183.         } else if ($user->getStatus() == $statusSuspended) {
  185.             $error 'Your user account has been suspended.';
  187.         } else if ($_POST) {
  189.             $password trim($_POST['password']);
  190.             $password_retype trim($_POST['password_retype']);
  192.             $strength $this->hashGenerator->passwordStrengthCheck($password);
  194.             if(!$strength['valid']) {
  195.                 $error $strength['message'];
  196.             } else if ($password != $password_retype){
  197.                 $error "Retyped password doesn't match";
  198.             } else {
  199.                 $new_pwd_encoded $this->passwordEncoder->hashPassword($user$password);
  201.                 $currentStatus $user->getStatus();
  202.                 $statusPending $userStatus->getUserStatusId('Pending');
  203.                 $statusActive $userStatus->getUserStatusId('Active');
  205.                 if ($currentStatus == $statusPending){
  206.                     $user->setStatus($statusActive);
  207.                 }
  209.                 $user->setToken(null);
  210.                 $user->setTokenCreatedAt(null);
  211.                 $user->setPassword($new_pwd_encoded);
  213.                 $em $this->doctrine->getManager();
  214.                 $em->persist($user);
  215.                 $em->flush();
  217.                 $this->addFlash(
  218.                     'notice',
  219.                     'Your password has been changed.'
  220.                 );
  222.                 return $this->redirectToRoute('login');
  224.             }
  225.         }
  227.         return $this->render('security/reset-password.html.twig', [
  228.             'title' => "Reset password",
  229.             'token' => $token,
  230.             'error' => $error,
  231.             'message' => $message
  232.         ]);
  233.     }
  236.     /**
  237.      * @Route("/my-profile", name="my_profile")
  238.      */
  239.     public function myProfile(Request $request): Response {
  241.         $error false;
  242.         $passChanged false;
  243.         $message '';
  245.         if ($request->isMethod('post')) {
  247.             $user $this->getUser();
  249.             $firstName trim($request->get('firstName'));
  250.             $lastName trim($request->get('lastName'));
  251.             $password trim($request->get('password'));
  252.             $password_retype trim($request->get('password_retype'));
  254.             $infoChanged = ($firstName != $user->getFirstName() || $lastName != $user->getLastName());
  256.             if (strlen($firstName) < || strlen($lastName) < 2) {
  257.                 $error true;
  258.                 $message .= 'Your first name and last name should be at least 2 characters long<br>';
  259.             } else {
  260.                 $user->setFirstName($firstName);
  261.                 $user->setlastName($lastName);
  262.             }
  264.             if (strlen($password) > 0){
  266.                 $strength $this->hashGenerator->passwordStrengthCheck($password);
  268.                 if(!$strength['valid']) {
  269.                     $error true;
  270.                     $message .= $strength['message'].'<br>';
  271.                 } else if ($password != $password_retype){
  272.                     $error true;
  273.                     $message .= "Retyped password doesn't match<br>";
  274.                 } else {
  275.                     $new_pwd_encoded $this->passwordEncoder->hashPassword($user$password);
  276.                     $user->setPassword($new_pwd_encoded);
  277.                     $passChanged true;
  278.                 }
  280.             }
  282.             if ($error){
  283.                 $this->addFlash('error'$message);
  284.             } else {
  286.                 $em $this->doctrine->getManager();
  287.                 $em->persist($user);
  288.                 $em->flush();
  290.                 if ($infoChanged && $passChanged){
  291.                     $this->addFlash('notice''Your profile info and password successfully changed');
  292.                 } elseif ($infoChanged) {
  293.                     $this->addFlash('notice''Your profile info successfully changed');
  294.                 } elseif ($passChanged){
  295.                     $this->addFlash('notice''Your password successfully changed');
  296.                 } else {
  297.                     $this->addFlash('notice''Nothing changed');
  298.                 }
  300.             }
  302.         }
  305.         $appType '';
  306.         $account null;
  308.         $roles $this->getUser()->getRoles();
  309.         foreach ($roles as $role){
  310.             if ($role == "ROLE_ADMIN" || $role == "ROLE_SUPER_ADMIN" || $role == "ROLE_ADMIN_VIEWER"){
  311.                 $appType 'admin';
  312.             }
  313.             if ($role == "ROLE_PARTNER"){
  314.                 $appType 'partner';
  315.             }
  316.             if ($role == "ROLE_CUSTOMER"){
  317.                 $appType 'account';
  318.                 $account $this->getUser()->getMembership()->getAccount();
  319.             }
  320.         }
  322.         return $this->render('security/profile.html.twig', [
  323.             'app_type' => $appType,
  324.             'title' => 'My Profile',
  325.             'account' => $account,
  326.             'accountId' => ($account) ? $account->getId() : null,
  327.             'showPayment' => false,
  329.         ]);
  331.     }
  333. }