src/Controller/AuthController.php line 67

Open in your IDE?
  1. <?php
  2. declare(strict_types=1);
  4. namespace App\Controller;
  6. use App\Logger\Log;
  7. use App\Form\AuthForm;
  8. use App\Entity\BaseAuth;
  9. use App\Form\CommonForm;
  10. use App\Service\AuthService;
  11. use App\Service\FileService;
  12. use App\Service\EmailService;
  13. use App\Service\IAuthService;
  14. use App\Service\IEmailService;
  15. use App\Service\OptionService;
  16. use App\Service\SchoolService;
  17. use App\Service\IOptionService;
  18. use Symfony\Component\Asset\Packages;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Symfony\Component\HttpFoundation\Request;
  21. use Symfony\Component\Security\Core\Security;
  22. use Symfony\Component\HttpFoundation\Response;
  23. use Symfony\Component\Security\Csrf\CsrfToken;
  24. use Symfony\Component\Routing\Annotation\Route;
  25. use Symfony\Component\HttpFoundation\JsonResponse;
  26. use Symfony\Contracts\Translation\TranslatorInterface;
  27. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  28. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  30. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  32. class AuthController extends BaseController
  33. {
  34.     private AuthForm $authForm;
  35.     
  36.     public function __construct(
  37.         AuthForm $authForm,
  38.         AuthService $authService,
  39.         EmailService $notifyService,
  40.         OptionService $optionService,
  41.         SchoolService $schoolService,
  42.         Security $security,
  43.         FileService $fileService,
  44.         SessionInterface $session,
  45.         Packages $assetsManager,
  46.         TranslatorInterface $translator,
  47.         Log $log
  48.     ) {
  49.         parent::__construct(
  50.             $authService,
  51.             $notifyService,
  52.             $optionService,
  53.             $fileService,
  54.             $session,
  55.             $assetsManager,
  56.             $translator,
  57.             $log,
  58.             $security,
  59.             $schoolService
  60.         );
  61.         $this->authForm $authForm;
  62.     }
  64.     /**
  65.      * @Route("/login", name="auth_signin")
  66.      */
  67.     public function signIn(Request $requestAuthenticationUtils $authenticationUtilsParameterBagInterface $parameter): Response
  68.     {
  69.         $lastUserName $authenticationUtils->getLastUsername();
  70.         $lastError $authenticationUtils->getLastAuthenticationError();
  71.         
  72.         $view ='auth/sign_in.html.twig';
  73.         if($parameter->get('app.user') == IAuthService::ROLE_FAMILY){
  74.             $view ='auth/sign_family.html.twig';
  75.         }
  76.         return $this->render($view, [
  77.             'lastUser' => $lastUserName,
  78.             'lastError' => $lastError,
  79.             'env' => $parameter->get('app.env')
  80.         ]);
  81.     }
  83.     /**
  84.      * @Route("/forgot", name="auth_forgot_password")
  85.      */
  86.     public function forgotPassword(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  87.     {
  88.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  89.             $token = new CsrfToken('form_forgot_password'$request->request->get('token'));
  90.             if ($csrfTokenManager->isTokenValid($token)) {
  91.                 $result $this->authForm->checkForgot($request$this->session);
  92.                 if ($result instanceof BaseAuth) {
  93.                     $this->notifyService->sendMail(
  94.                         $this->translator->trans('activation_code'),
  95.                         'forgot_password',
  96.                         [
  97.                             'email' => $result->getEmail(),
  98.                             'data' => [
  99.                                 'fullname' => $result->getFullName(),
  100.                                 'code' => $result->getValidationCode(),
  101.                                 'time_elapsed' => IOptionService::MAX_ACCOUNT_ACTIVATION_TIME,
  102.                                 'app_url' => IOptionService::BASE_URL,
  103.                                 'support_mail' => IEmailService::SUPPORT,
  104.                                 'logo' => IOptionService::CDN_LOGO,
  105.                                 'favicon' => IOptionService::CDN_FAVICON,
  106.                             ],
  107.                         ]
  108.                     );
  109.                     return new JsonResponse(null200);
  111.                 } else if(is_array($result)){
  112.                     return new JsonResponse($result400);
  113.                 }
  114.                 return new JsonResponse(null200);
  115.             }
  116.             return new JsonResponse(null200);
  117.         }
  119.         return $this->render('auth/forgot_password.html.twig');
  120.     }
  122.     /**
  123.      * @Route("/activation", name="auth_activation")
  124.      */
  125.     public function activation(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  126.     {
  127.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  128.         if (null == $account || !in_array($account['step'], ['signin_staff_activation''signup_activation''forgot_activation''signin_activation'])) {
  129.             $this->activityLog($request,get_class($this),__FUNCTION__,'activation url error not in array',Log::MESSAGE_INFO,'HACK');
  130.             $this->session->invalidate();
  131.             return $this->redirectToRoute('auth_signout');
  132.         }
  134.         $referer $request->headers->get("referer"); // get the referer, it can be empty!
  135.         if (!\is_string($referer) || !$referer) {
  136.             $this->activityLog($request,get_class($this),__FUNCTION__,'activation with no referrer',Log::MESSAGE_INFO,'HACK',$account["email"]);
  137.             $this->session->invalidate();
  138.             return $this->redirectToRoute("auth_signout");
  139.         }
  141.         $title $message $step null;
  142.         if ('signin_activation' == $account['step']) {
  143.             $title $this->translator->trans('activation_code');
  144.             $message $this->translator->trans('signup_activation_code_info1');
  145.             $step 'signin_activation';
  146.         } elseif ('forgot_activation' == $account['step']) {
  147.             $title $this->translator->trans('activation_code');
  148.             $message $this->translator->trans('forgot_activation_code_info2', ['%0%' => CommonForm::maskEmail($account['email'])]);
  149.             $step 'forgot_activation';
  150.         }
  151.         if ($request->isMethod("POST") && $request->isXmlHttpRequest()) {
  152.             $token = new CsrfToken("activation_form"$request->request->get("token"));
  153.             if ($csrfTokenManager->isTokenValid($token)) {
  154.                 $jsonData $this->authForm->checkActivation($request$this->session$this->log$this->getUser());
  155.                 if ($jsonData != null) {
  156.                     if ($account["step"] == "signin_activation") {
  157.                         if ($jsonData == IOptionService::RESPONSE_AUTH) {
  158.                             //clean session
  159.                             $this->session->remove(IOptionService::SESSION_ACCOUNT);
  160.                             //create new session file
  161.                             $this->fileService->createSessionFile(
  162.                                 "app.connection_dir",
  163.                                 $account["email"],
  164.                                 $request->getSession()->getId(),
  165.                                 (new \DateTime())->format("Y-m-d")
  166.                             );
  167.                         }
  168.                         return new JsonResponse($jsonData200);
  169.                     }
  170.                     if ($account["step"] == "forgot_activation") {
  171.                         return new JsonResponse($jsonData200);
  172.                     }
  173.                 }
  174.             }
  175.             return new JsonResponse($this->translator->trans('wrong_activation_code'), 200);
  176.         }
  177.         return $this->render(
  178.             "auth/activation.html.twig",
  179.             [
  180.                 "title" => $title,
  181.                 "message" => $message,
  182.                 "step" => $step
  183.             ]
  184.         );
  185.     }
  187.     /**
  188.      * @Route("/resend-activation-code", name="auth_resent_activation_code")
  189.      */
  190.     public function resendActivationCode(Request $requestEntityManagerInterface $manager): Response
  191.     {
  192.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  193.         if (null == $account || !in_array($account['step'], ['signin_staff_activation''signup_activation''forgot_activation''signin_activation'])) {
  194.             $this->activityLog($request,get_class($this),__FUNCTION__,'activation url error not in array',Log::MESSAGE_INFO,'HACK','UNKNOWN');
  195.             $this->session->invalidate();
  196.             return new JsonResponse(['redirect' => $this->generateUrl('auth_signout')], 400);
  197.         }
  198.         $referer $request->headers->get("referer"); // get the referer, it can be empty!
  199.         if (!\is_string($referer) || !$referer) {
  200.             $this->activityLog($request,get_class($this),__FUNCTION__,'activation with no referrer',Log::MESSAGE_INFO,'HACK',$account["email"]);
  201.             $this->session->invalidate();
  202.             return new JsonResponse(['redirect' => $this->generateUrl('auth_signout')], 400);
  203.         }
  204.         try {
  205.             // Generate activation code
  206.             $activationCode null;
  207.             $page 'signin_activation' == $account['step'] ? IAuthService::ACTIVATION IAuthService::RESET;
  208.             $findUser $this->authService->signInUser($account['email'], null);
  209.             if (!empty($findUser)) {
  210.                 $activationCode CommonForm::generateCode(6true);
  211.                 $findUser->setValidationCode($activationCode);
  212.                 $findUser->setValidationPage($page);
  213.                 $findUser->setValidationDate(new \DateTime('now'));
  214.               
  215.                 $manager->persist($findUser);
  216.                 $manager->flush();
  218.                 $account['activation'] = $activationCode;
  219.                 $account['created'] = new \DateTime('now');
  221.                 $this->session->set(IOptionService::SESSION_ACCOUNT$account);
  222.                 $this->notifyService->sendMail(
  223.                     $this->translator->trans('request_activation_code'),
  224.                     'request_activation_code',
  225.                     [
  226.                         'email' => $findUser->getEmail(),
  227.                         'data' => [
  228.                             'fullname' => $findUser->getFullName(),
  229.                             'code' => $account['activation'],
  230.                             'time_elapsed' => IOptionService::MAX_ACCOUNT_ACTIVATION_TIME,
  231.                             'app_url' => IOptionService::BASE_URL,
  232.                             'support_mail' => IEmailService::SUPPORT,
  233.                             'logo' => IOptionService::CDN_LOGO,
  234.                             'favicon' => IOptionService::CDN_FAVICON,
  235.                         ],
  236.                     ]
  237.                 );
  238.                 $this->activityLog($request,get_class($this),__FUNCTION__,'User ask again activation code success',Log::MESSAGE_ERROR);
  239.                 return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  240.             }
  241.             $this->activityLog($request,get_class($this),__FUNCTION__,'account not found',Log::MESSAGE_ERROR,'HACK','UNKNOWN');
  242.             return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  243.         } catch (\Exception $e) {
  244.             $this->activityLog($request,get_class($this),__FUNCTION__,'User ask again activation code failed'.$account['email']
  245.             ,Log::MESSAGE_ERROR);
  246.             return new JsonResponse(['message' => $this->translator->trans('activation_code_resend')], 200);
  247.         }
  248.     }
  250.     /**
  251.      * @Route("/reset-password", name="auth_reset_password")
  252.      */
  253.     public function resetPassword(Request $requestCsrfTokenManagerInterface $csrfTokenManager): Response
  254.     {
  255.         $account $this->session->get(IOptionService::SESSION_ACCOUNT);
  256.         if (empty($account)) {
  257.             return $this->redirectToRoute('auth_signin');
  258.         }
  259.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  260.             $token = new CsrfToken('reset_form'$request->request->get('token'));
  261.             if ($csrfTokenManager->isTokenValid($token)) {
  262.                 $result $this->authForm->checkReset($request$this->session);
  263.                 if ($result instanceof BaseAuth) {
  264.                     // clean session
  265.                     $this->session->remove(IOptionService::SESSION_ACCOUNT);
  266.                     // delete blacklist file
  267.                     $this->fileService->deleteFile($this->getParameter('app.blacklist_dir').DIRECTORY_SEPARATOR.$result->getEmail().'.log');
  268.                     return new JsonResponse(null200);
  269.                 }
  270.                 if ('fake_email' == $result) {
  271.                     return new JsonResponse(null200);
  272.                 }
  273.                 return new JsonResponse(null200);
  274.             }
  275.             return new JsonResponse(null200);
  276.         }
  277.         return $this->render('auth/reset.html.twig');
  278.     }
  280.     /**
  281.      * @Route("/validate-account/{tid}", name="auth_validate_account")
  282.      */
  283.     public function validate(Request $requestCsrfTokenManagerInterface $csrfTokenManager, ?bool $profileId false): Response
  284.     {
  285.         if ($this->fileService->countLinesInFile($this->getParameter('app.blacklist_dir').DIRECTORY_SEPARATOR.CommonForm::getAddressIp($request->getClientIp())) >= 3) {
  286.             return $this->render('error/error.html.twig', ['url' => IOptionService::BASE_URL]);
  287.         }
  288.         if ($request->isMethod('POST') && $request->isXmlHttpRequest()) {
  289.             $token = new CsrfToken('validate_account'$request->request->get('token'));
  290.             if ($csrfTokenManager->isTokenValid($token)) {
  291.                 $response $this->authForm->checkValidateAccount($request);
  292.                 if (empty($response)) {
  293.                     $this->session->invalidate();
  294.                     return new JsonResponse([[
  295.                         'message' => $this->translator->trans('account_validation_success'),
  296.                         'redirect' => $this->generateUrl('auth_signin'),],
  297.                     ], 200);
  298.                 }
  299.                 return new JsonResponse([['message' => $response,],], 400);
  300.             }
  301.             return new JsonResponse([[
  302.                 'message' => $this->translator->trans('account_validation_success'),
  303.                 'redirect' => $this->generateUrl('auth_signin'),],
  304.             ], 200);
  305.         }
  306.         $findUser $this->authService->loadUserByValidationCode($request->attributes->get('tid'));
  307.         if(empty($findUser) ||  ($findUser instanceof  BaseAuth  && ($findUser->getStatus() != IOptionService::STATUS_PENDING))) {
  308.             // write in blacklist file
  309.             $this->fileService->appendFile(
  310.                 "app.blacklist_dir",
  311.                 CommonForm::getAddressIp($request->getClientIp()),
  312.                 "date=" . (new \DateTime())->format("Y-m-d H:i:s") . "|ip=" CommonForm::getAddressIp($request->getClientIp()) . "|page=CREATE_ACCOUNT|user-agent=" $request->headers->get("user-agent") . PHP_EOL
  313.             );
  314.             $this->activityLog($request,get_class($this),__FUNCTION__,'invalid request: attempt to get new account',Log::MESSAGE_ERROR,'HACK');
  315.             return $this->render("error/error.html.twig", ["url" => IOptionService::BASE_URL]);
  316.         }
  318.         return $this->render('auth/validate_account.html.twig', [
  319.             'entity' => $findUser,
  320.             'tid' => $request->attributes->get('tid'),
  321.         ]);
  322.     }
  324.     /**
  325.      * @Route("/signout", name="auth_signout")
  326.      */
  327.     public function signout(Request $request): Response
  328.     {
  329.         $request->getSession()->invalidate(1);
  330.         $request->getSession()->clear();
  331.         return $this->redirectToRoute('auth_signin');
  332.     }
  333. }