src/Controller/SecurityController.php line 24

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\User;
  6. use App\Notification\ContactNotification;
  7. use App\Utils\FormValidator;
  8. use Doctrine\ORM\EntityManagerInterface;
  9. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  10. use Symfony\Component\HttpFoundation\Request;
  11. use Symfony\Component\HttpFoundation\Response;
  12. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  13. use Symfony\Component\Routing\Annotation\Route;
  14. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  15. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  17. use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
  18. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  20. class SecurityController extends AbstractController
  21. {
  23.     #[Route(path'/'name'homepage')]
  24.     public function home()
  25.     {
  27.         return $this->render('security/homepage.html.twig', []);
  28.     }
  30.     #[Route(path'/login/{message}/{sendTokenActiveAccount}'name'app_login')]
  31.     public function login(AuthenticationUtils $authenticationUtilsstring $message nullbool $sendTokenActiveAccount false): Response
  32.     {
  33.         // if ($this->getUser()) {
  34.         //     return $this->redirectToRoute('target_path');
  35.         // }
  37.         if ($message) {
  38.             $this->addFlash('info'$message);
  39.         }
  41.         // get the login error if there is one
  42.         $error $authenticationUtils->getLastAuthenticationError();
  43.         // last username entered by the user
  44.         $lastUsername $authenticationUtils->getLastUsername();
  46.         return $this->render('security/login.html.twig', ['last_username' => $lastUsername'error' => $error'sendTokenActiveAccount' => $sendTokenActiveAccount]);
  48.     }
  50.     #[Route(path'/logout/{message}/{sendTokenActiveAccount}'name'app_logout')]
  51.     public function logout(string $message nullbool $sendTokenActiveAccount false): Response
  52.     {
  53.         return $this->redirectToRoute('app_login', ['message' => $message'sendTokenActiveAccount' => $sendTokenActiveAccount]);
  54.     }
  56.     #[Route(path'/register/{accountUrl}'name'app_register')]
  57.     public function register(
  58.         Request                     $request,
  59.         UserPasswordHasherInterface $passwordHasher,
  60.         TokenGeneratorInterface     $tokenGenerator,
  61.         ContactNotification         $contactNotification,
  62.         FormValidator               $formValidator,
  63.         EntityManagerInterface      $entityManager,
  64.         string                      $accountUrl
  65.     ): Response
  66.     {
  68.         if ($request->isMethod('POST')) {
  69.             if ($this->isCsrfTokenValid('register'$request->get('_token'))) {
  71.                 $email $request->request->get('email');
  72.                 $password $request->request->get('password');
  73.                 $account $request->request->get('account');
  75.                 $emailIsUnique $formValidator->isEmailUnique($email);
  76.                 $passwordIsSecure $formValidator->isSecurePassword($password);
  78.                 if (!$emailIsUnique) {
  79.                     $this->addFlash('danger'"Cette adresse email est déjà utilisée.");
  80.                 }
  81.                 if (!$passwordIsSecure) {
  82.                     $this->addFlash('danger'"Le mot de passe n'est pas suffisamment fort.");
  83.                 }
  85.                 //si l'email fournit est bien unique et si le mot de passe est sécurisé
  86.                 if ($emailIsUnique && $passwordIsSecure) {
  88.                     $token $tokenGenerator->generateToken(); //création du token pour activer le compte
  90.                     $user = new User();
  92.                     //si l'utilisateur s'inscrit en tant que facturier
  93.                     if ($account === 'facturier') {
  94.                         $user->setRoles([User::ROLE_FACTURIER]);
  95.                     } else {
  96.                         $user->setRoles([User::ROLE_PROFESSIONAL]);
  97.                     }
  99.                     $user->setPassword($passwordHasher->hashPassword($user$password));
  100.                     $user->setEmail($email);
  101.                     $user->setIsProfessional(1);
  102.                     $user->setActive(0);
  103.                     $user->setNameUser($request->request->get('email'));
  104.                     $user->setResetToken($token);
  105.                     $entityManager->persist($user);
  106.                     $entityManager->flush();
  108.                     $url $this->generateUrl('app_active_account', array('token' => $token), UrlGeneratorInterface::ABSOLUTE_URL);
  109.                     $contactNotification->sendTokenActiveAccountByEmail($url$email);
  111.                     $this->addFlash('info''Enregistrement réalisé avec succès ! Vous devez activer votre compte via le lien que vous allez recevoir par mail avant de pouvoir vous connectez.');
  113.                     return $this->redirectToRoute('app_login');
  114.                 }
  115.             }
  116.         }
  118.         return $this->render('security/register.html.twig', ['accountUrl' => $accountUrl]);
  119.     }
  121.     #[Route(path'/forgotten_password'name'app_forgotten_password')]
  122.     public function forgottenPassword(
  123.         Request                 $request,
  124.         TokenGeneratorInterface $tokenGenerator,
  125.         ContactNotification     $contactNotification,
  126.         EntityManagerInterface  $entityManager
  127.     ): Response
  128.     {
  130.         if ($request->isMethod('POST')) {
  132.             $email $request->request->get('email');
  134.             $user $entityManager->getRepository(User::class)->findOneByEmail($email);
  135.             /* @var $user User */
  137.             if ($user === null) {
  138.                 $this->addFlash('danger''Email Inconnu');
  139.                 return $this->redirectToRoute('app_forgotten_password');
  140.             }
  141.             $token $tokenGenerator->generateToken();
  143.             try {
  144.                 $user->setResetToken($token);
  145.                 $user->setUpdatedAt(new \DateTime('now'));
  146.                 $entityManager->flush();
  147.             } catch (\Exception $e) {
  148.                 $this->addFlash('warning'$e->getMessage());
  149.                 return $this->redirectToRoute('app_forgotten_password');
  150.             }
  152.             $url $this->generateUrl('app_reset_password', array('token' => $token), UrlGeneratorInterface::ABSOLUTE_URL);
  154.             $contactNotification->sendTokenPasswordByEmail($url$user->getEmail());
  156.             $this->addFlash('info''Mail envoyé.');
  158.             return $this->redirectToRoute('app_login');
  159.         }
  161.         return $this->render('security/forgotten_password.html.twig');
  162.     }
  164.     #[Route(path'/reset_password/{token}'name'app_reset_password')]
  165.     public function resetPassword(Request $requeststring $tokenUserPasswordHasherInterface $passwordHasherFormValidator $formValidatorEntityManagerInterface $entityManager)
  166.     {
  168.         if ($request->isMethod('POST')) {
  170.             $user $entityManager->getRepository(User::class)->findOneByResetToken($token);
  171.             /* @var $user User */
  173.             if ($user === null) {
  174.                 $this->addFlash('danger''Token Inconnu');
  175.                 return $this->redirectToRoute('app_forgotten_password');
  176.             }
  178.             $passwordIsSecure $formValidator->isSecurePassword($request->request->get('password'));
  179.             if (!$passwordIsSecure) {
  180.                 $this->addFlash('danger'"Le mot de passe n'est pas suffisamment fort.");
  181.                 return $this->render('security/reset_password.html.twig', ['token' => $token]);
  182.             }
  184.             $user->setResetToken('');
  185.             $user->setPassword($passwordHasher->hashPassword($user$request->request->get('password')));
  186.             $user->setUpdatedAt(new \DateTime('now'));
  187.             $entityManager->flush();
  189.             $this->addFlash('info''Mot de passe mis à jour');
  191.             return $this->redirectToRoute('app_login');
  192.         } else {
  194.             return $this->render('security/reset_password.html.twig', ['token' => $token]);
  195.         }
  197.     }
  199.     #[Route(path'/changePassword'name'app_change_password')]
  200.     public function changePassword(Request $requestUserPasswordHasherInterface $passwordHasher, ?UserInterface $userFormValidator $formValidatorEntityManagerInterface $entityManager)
  201.     {
  203.         if (!$user) {
  204.             return $this->redirectToRoute('app_login');
  205.         }
  207.         if ($user->getIsFirstConnexion() && $user->getIsProfessional() == 0) { //si c'est la première connexion d'un patient
  208.             $this->addFlash('info'"Bonjour, pour une question de sécurité, nous vous invitons à choisir et modifier votre mot de passe.");
  209.         }
  211.         if ($request->isMethod('POST') && $this->isCsrfTokenValid('change_password'$request->request->get('_token'))) {
  213.             $oldPassword $request->request->get('_old_password');
  214.             $password $request->request->get('_password');
  215.             $confirmPassword $request->request->get('_confirm_password');
  217.             // Si l'ancien mot de passe est bon
  218.             if ($passwordHasher->isPasswordValid($user$oldPassword)) {
  220.                 if ($password === $confirmPassword) {
  222.                     $passwordIsSecure $formValidator->isSecurePassword($password);
  223.                     if (!$passwordIsSecure) {
  224.                         $this->addFlash('danger'"Le mot de passe n'est pas suffisamment fort.");
  225.                         return $this->render('security/change_password.html.twig');
  226.                     }
  228.                     if ($user->getIsFirstConnexion()) { //si c'est la première connexion de l'utilisater
  229.                         $user->setIsFirstConnexion(0);
  230.                     }
  232.                     $user->setPassword($passwordHasher->hashPassword($user$password));
  233.                     $user->setUpdatedAt(new \DateTime('now'));
  234.                     $entityManager->persist($user);
  235.                     $entityManager->flush();
  237.                     $this->addFlash('info''Votre mot de passe a bien été changé !');
  239.                     return $this->redirectToRoute('profil');
  240.                 } else {
  241.                     $this->addFlash('danger'"Les mots de passes ne sont pas identiques.");
  242.                     return $this->render('security/change_password.html.twig');
  243.                 }
  244.             } else {
  245.                 $this->addFlash('danger'"Ce n'est pas le bon mot de passe.");
  246.                 return $this->render('security/change_password.html.twig');
  247.             }
  248.         }
  250.         return $this->render('security/change_password.html.twig', array());
  252.     }
  254.     #[Route(path'/active-account/{token}'name'app_active_account')]
  255.     public function activeAccount(string $tokenEntityManagerInterface $entityManager)
  256.     {
  257.         $user $entityManager->getRepository(User::class)->findOneByResetToken($token);
  259.         if ($user === null) {
  260.             $this->addFlash('danger''Token Inconnu');
  261.             return $this->redirectToRoute('app_logout');
  262.         }
  264.         $user->setResetToken('');
  265.         $user->setUpdatedAt(new \DateTime('now'));
  266.         $user->setActive(1);
  267.         $entityManager->flush();
  269.         $this->addFlash('info''Votre compte est maintenant actif ! Il ne vous reste plus qu\'à vous connecter.');
  270.         return $this->redirectToRoute('app_login');
  271.     }
  273.     #[Route(path'/send/active-account'name'app_send_active_account')]
  274.     public function sendActiveAccount(Request $requestTokenGeneratorInterface $tokenGeneratorContactNotification $contactNotificationEntityManagerInterface $entityManager)
  275.     {
  277.         if ($request->isMethod('POST')) {
  279.             $email $request->request->get('email');
  281.             $user $entityManager->getRepository(User::class)->findOneByEmail($email);
  283.             if ($user === null) {
  284.                 $this->addFlash('danger''Email Inconnu');
  285.                 return $this->redirectToRoute('app_send_active_account');
  286.             }
  287.             $token $tokenGenerator->generateToken();
  289.             try {
  290.                 $user->setResetToken($token);
  291.                 $user->setUpdatedAt(new \DateTime('now'));
  292.                 $entityManager->flush();
  293.             } catch (\Exception $e) {
  294.                 $this->addFlash('warning'$e->getMessage());
  295.                 return $this->redirectToRoute('app_send_active_account');
  296.             }
  298.             $url $this->generateUrl('app_active_account', array('token' => $token), UrlGeneratorInterface::ABSOLUTE_URL);
  299.             $contactNotification->sendTokenActiveAccountByEmail($url$email);
  301.             return $this->redirectToRoute('app_login', ['message' => 'Mail pour activer votre compte envoyé.''sendTokenActiveAccount' => true]);
  302.         }
  304.         return $this->render('security/send_active_account.html.twig');
  306.     }
  307. }