src/Controller/SecurityController.php line 87

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: uwethiess
  5.  * Date: 07.10.16
  6.  * Time: 12:36
  7.  */
  8. namespace App\Controller;
  9. use App\Api\ProthelisApi;
  10. use App\Entity\User;
  11. use App\Form\LoginForm;
  12. use App\Form\PasswordRequestForm;
  13. use App\Form\PasswordResetForm;
  14. use App\Security\LoginFormAuthenticator;
  15. use App\Service\DBLogService;
  16. use Symfony\Component\Mailer\MailerInterface;
  17. use Symfony\Component\Mime\Address;
  18. use Symfony\Component\Mime\Email;
  19. use Symfony\Component\Routing\Annotation\Route;
  20. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  24. use Symfony\Contracts\Translation\TranslatorInterface;
  26. class SecurityController extends AbstractController
  27. {
  29.     /**
  30.      * @var TranslatorInterface
  31.      */
  32.     private $translator;
  33.     private MailerInterface $mailer;
  34.     private DBLogService $DBLog;
  35.     private GuardAuthenticatorHandler $authenticatorHandler;
  36.     private LoginFormAuthenticator $authenticator;
  38.     /**
  39.      * SecurityController constructor.
  40.      */
  41.     public function __construct(TranslatorInterface $translatorMailerInterface $mailerDBLogService $DBLogGuardAuthenticatorHandler $authenticatorHandlerLoginFormAuthenticator $authenticator) {
  42.         $this->translator $translator;
  43.         $this->mailer $mailer;
  44.         $this->DBLog $DBLog;
  45.         $this->authenticatorHandler $authenticatorHandler;
  46.         $this->authenticator $authenticator;
  47.     }
  50.     /**
  51.      * @Route("/login", name="security_login")
  52.      */
  53.     public function loginAction(AuthenticationUtils $authenticationUtils)
  54.     {
  55.         // get the login error if there is one
  56.         $error $authenticationUtils->getLastAuthenticationError();
  57.         // last username entered by the user
  58.         $lastUsername $authenticationUtils->getLastUsername();
  59.         $form $this->createForm(
  60.             LoginForm::class,
  61.             [
  62.                 '_username' => $lastUsername,
  63.             ]
  64.         );
  65.         
  66.         return $this->render(
  67.             'security/login.html.twig',
  68.             array(
  69.                 'form'  => $form->createView(),
  70.                 'error' => $error,
  71.                 'login' => true
  72.             )
  73.         );
  74.     }
  76.     /**
  77.      * @Route("/logout", name="security_logout")
  78.      */
  79.     public function logoutAction()
  80.     {
  81.         throw new \Exception('this should not be reached.');
  82.     }
  83.     
  84.     /**
  85.      * @Route("/resetpassword", name="reset_password")
  86.      */
  87.     public function resetPassword(Request $request)
  88.     {
  89.         $form $this->createForm(PasswordRequestForm::class);
  90.         $form->handleRequest($request);
  91.         if ($form->isSubmitted() && $form->isValid()) {
  92.             $formData $form->getData();
  93.             $em $this->getDoctrine()
  94.                 ->getManager();
  95.             $user $em->getRepository(User::class)
  96.                 ->findByEmail($formData['_email']);
  97.             if (empty($user)) {
  98.                 $this->DBLog->debug('api''set password', [
  99.                     'email' => $formData['_email'],
  100.                     'response' => 'email not found',
  101.                 ]);
  102.                 $this->addFlash('error''User not found');
  103.             } else {
  104.                 $this->DBLog->debug('api''set password requested', [
  105.                     'email' => $formData['_email']
  106.                 ]);
  107. //                $this->addFlash('success', 'User found');
  108.                 $this->sendPasswordResetMail($user);
  109.                 
  110.                 return $this->render(
  111.                     'account/resetpassword.html.twig',
  112.                     [
  113.                         'step'      => 1,
  114.                         'formData'  => $formData,
  115.                         'resetForm' => $form->createView(),
  116.                     ]
  117.                 );
  118.             }
  119.         }
  120.         
  121.         return $this->render(
  122.             'account/resetpassword.html.twig',
  123.             [
  124.                 'step'      => 0,
  125.                 'resetForm' => $form->createView(),
  126.             ]
  127.         );
  128. //        return $this->redirectToRoute('user_account');
  129.     }
  130.     
  131.     /**
  132.      * @Route("/resettoken/{token}", name="reset_password_token")
  133.      */
  134.     public function resetPasswordToken($tokenRequest $request)
  135.     {
  136.         $max_time_sec 60 60 24;
  137.         $error false;
  138.         $userpassword null;
  139.         $token urldecode($token);
  140.         $token base64_decode($token);
  141.         $token $this->decryptData($token);
  142.         $token json_decode($token);
  143.         $time_passed strtotime('now') - strtotime($token->ts);
  144.         if ($time_passed $max_time_sec) {
  145.             $error 'expired';
  146.         }
  147.         $em $this->getDoctrine()
  148.             ->getManager();
  149.         /**
  150.          * Distinguish where the user requested the password reset.
  151.          * For account page, check user against
  152.          */
  153.         switch ($token->source) {
  154.             case 'api':
  155.                 $userdata ProthelisApi::getUserByEmail($token->email);
  156.                 if (!empty($userdata)) {
  157.                     $userpassword $userdata->password;
  158.                     /**
  159.                      * Check if API user already exists in local db
  160.                      */
  161.                     $user $em->getRepository(User::class)
  162.                         ->findbyUsername($userdata->username);
  163.                     if (!empty($user)) {
  164.                         /*
  165.                          * user exists
  166.                          */
  167.                     } else {
  168.                         // create empty user for form
  169.                         $user = new User();
  170.                         $user->setUsername($userdata->username);
  171.                     }
  172.                 }
  173.                 break;
  174.             case 'account':
  175.             default:
  176.                 /** @var User $user */
  177.                 $user $em->getRepository(User::class)
  178.                     ->findByEmail($token->email);
  179.                 if (!empty($user)) {
  180.                     $userpassword $user->getPassword();
  181.                 }
  182.                 break;
  183.         }
  184.         if (!$error && $userpassword !== $token->oldpw) {
  185.             $error 'already_used';
  186.         }
  187.         //display form
  188.         $form $this->createForm(PasswordResetForm::class, $user);
  189.         $form->handleRequest($request);
  190.         if ($error === false) {
  191.             if ($form->isSubmitted() && $form->isValid()) {
  192.                 $formData $form->getData();
  193.                 // send new password to api
  194.                 $response ProthelisApi::setUserParam($user->getUsername(), 'password'$user->getPlainPassword());
  195.                 // todo: check for negative response
  196.                 $this->DBLog->debug('api''set password', [
  197.                     'username' => $user->getUsername(),
  198.                     'response' => $response,
  199.                     ]);
  200.                 $this->addFlash(
  201.                     'success',
  202.                     $this->translator
  203.                         ->trans('account.resetpw.success.msgshort')
  204.                 );
  205.                 if ($user->getId() !== null) {
  206.                     // user has local account, auto login
  207.                     $em->flush();
  208.                     
  209.                     return $this->authenticatorHandler
  210.                         ->authenticateUserAndHandleSuccess(
  211.                             $user,
  212.                             $request,
  213.                             $this->authenticator,
  214.                             'main'
  215.                         );
  216.                 } else {
  217.                     // user has no local account, don't log in
  218.                     return $this->redirectToRoute('security_login');
  219.                     return $this->render(
  220.                         'account/error_message.html.twig',
  221.                         [
  222.                             'message' => [
  223.                                 'title' => $this->translator
  224.                                     ->trans('account.resetpw.success.title'),
  225.                                 'body'  => $this->translator
  226.                                     ->trans('account.resetpw.success.msgshort') . ' ' $this->translator
  227.                                     ->trans('account.resetpw.success.msgwebapp'),
  228.                                 'link'  => [
  229.                                     'href'  => 'https://my-prothelis.de',
  230.                                     'title' => 'Prothelis Web App',
  231.                                 ],
  232.                             ],
  233.                         ]
  234.                     );
  235.                 }
  236.             }
  237.         } else {
  238.             $this->DBLog->debug('api''set password', [
  239.                 'username' => $user $user->getUsername() : null,
  240.                 'response' => ['status' => 'error''token' => $token'msg' => $error],
  241.             ]);
  242.             return $this->redirectToRoute('security_login');
  243.             return $this->render(
  244.                 'account/error_message.html.twig',
  245.                 [
  246.                     'message' => [
  247.                         'title' => $this->translator
  248.                             ->trans('account.error.oopsie'),
  249.                         'body'  => $this->translator
  250.                             ->trans('account.resetpw.error.' $error),
  251.                         'link'  => [
  252.                             'href'  => $this->get('router')
  253.                                 ->generate('reset_password'),
  254.                             'title' => $this->translator
  255.                                 ->trans('account.resetpw.title'),
  256.                         ],
  257.                     ],
  258.                 ]
  259.             );
  260.         }
  261.         
  262.         return $this->render(
  263.             'account/passwordform.html.twig',
  264.             [
  265.                 'passwordForm' => $form->createView(),
  266.             ]
  267.         );
  268.     }
  269.     
  270.     private function sendPasswordResetMail(User $user)
  271.     {
  272.         $locale $user->getLocale();
  273.         if (!$locale) {
  274.             $locale 'en';
  275.         }
  276.         $this->translator->setLocale($locale);
  277.         /** @var Email $message */
  278.         $message = (new Email())
  279.             ->subject($this->translator->trans('email.reset_password.subject'))
  280.             ->from(new Address('support@prothelis.de''Prothelis Support'))
  281.             ->to($user->getEmailAddress())
  282.             ->html(
  283.                 $this->renderView(
  284.                     'email/reset_password.html.twig',
  285.                     ['resetLink' => $this->getResetLink($user)]
  286.                 )
  287.             );
  288.         $this->mailer->send($message);
  289.     }
  290.     
  291.     private function getResetLink(User $user)
  292.     {
  293.         $locale $user->getLocale() ?: 'de';
  294.         $url 'https://my-prothelis.de/account/'.$locale.'/resettoken/';
  295.         $token = [
  296.             'email'  => $user->getEmailAddress(),
  297.             'oldpw'  => $user->getPassword(),
  298.             'ts'     => date('Y-m-d H:i:s'),
  299.             'source' => 'account',
  300.         ];
  301.         $token json_encode($token);
  302.         $token_enc $this->encryptData($token);
  303.         $token_b64 base64_encode($token_enc);
  304.         $token_url urlencode(urlencode($token_b64));
  305.         
  306.         return $url $token_url;
  307.     }
  308.     
  309.     function encryptData($plaintext)
  310.     {
  311.         $key $_ENV['APP_SECRET'];
  312.         $iv 'c4HQEm7dK6Niuq[H';
  313.         $ciphertext openssl_encrypt($plaintext'AES-128-CBC'$keyOPENSSL_RAW_DATA$iv);
  314.         
  315.         return $ciphertext;
  316.     }
  317.     
  318.     function decryptData($ciphertext)
  319.     {
  320.         $key $_ENV['APP_SECRET'];
  321.         $iv 'c4HQEm7dK6Niuq[H';
  322.         $plaintext openssl_decrypt($ciphertext'AES-128-CBC'$keyOPENSSL_RAW_DATA$iv);
  323.         
  324.         return $plaintext;
  325.     }
  326. }
  328. ?>