src/Controller/LoginController.php line 115

  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: Ronald
  5.  * Date: 12/23/2019
  6.  * Time: 4:31 PM
  7.  */
  8. namespace App\Controller;
  9. use App\Entity\CustomerAccount;
  10. use App\Entity\RequestAccess;
  11. use App\Entity\User;
  12. use App\Form\Login\ForgotPasswordType;
  13. use App\Form\Login\ResetPasswordType;
  14. use App\Form\Login\RequestAccessType;
  15. use App\GoogleAPI\GoogleApi;
  16. use App\Mailer\AccountMailer;
  17. use App\Mailer\Mailer;
  18. use App\Model\Login\ForgotPassword;
  19. use App\Model\Login\ResetPassword;
  20. use App\Repository\UserRepository;
  21. use App\Security\LoginFormAuthenticator;
  22. use ReCaptcha\ReCaptcha;
  23. use Symfony\Component\HttpFoundation\JsonResponse;
  24. use Symfony\Component\Routing\Annotation\Route;
  25. use Symfony\Component\HttpFoundation\Response;
  26. use Symfony\Component\HttpFoundation\Request;
  27. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  28. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  29. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  30. use Symfony\Component\Mailer\MailerInterface;
  31. use Symfony\Component\Mime\Email;
  32. /**
  33.  * Class LoginController
  34.  * @package App\Controller
  35.  */
  36. class LoginController extends BaseController
  37. {
  38.     /**
  39.      * @Route("/requestAccess", name="request_access", methods={"POST"})
  40.      * @param Request $request
  41.      * @param AccountMailer $mailer
  42.      * @param GoogleApi $googleApi
  43.      * @param UserRepository $userRepository
  44.      * @return Response
  45.      */
  46.     public function requestAccess(Request $requestAccountMailer $mailer,GoogleApi $googleApiUserRepository $userRepo): Response
  47.     {
  48.         $arrayResponse = array();
  49.         try {
  50.             $requestAccess = new RequestAccess();
  51.             $form $this->createForm(RequestAccessType::class, $requestAccess);
  52.             $form->submit($request->request->get('request_access'));
  53.             $recaptcha = new ReCaptcha($_ENV['GOOGLE_RECAPTCHA_SECRET']);
  54.             $token $request->request->get('recaptcha_response')??"";
  55.             $resp $recaptcha->verify($token$request->getClientIp());
  56.             if ($form->isValid()) {
  57.                 if (!$resp->isSuccess()){
  58.                     throw new \Exception("Recaptcha Error""400");
  59.                 }
  60.                 if ($user $userRepo->findOneBy(array('email' => $requestAccess->getEmail()))) {
  61.                     $this->addFlash('warning'$requestAccess->getEmail().' is already in our system. Try resetting your password with \'Forgot Password\'.');
  62.                     $mailer->forgotPasswordEmail($user);
  63.                     $arrayResponse = array('requestAccessTab' => false);
  64.                 } else {
  65.                     $this->setAddressFromGoogle($googleApi,$requestAccess);
  66.                     $entityManager $this->getDoctrine()->getManager();
  67.                     $entityManager->persist($requestAccess);
  68.                     $entityManager->flush();
  69.                     $isCustomerAccountDomain=$this->getCustomerAccountDomain();
  70.                     $mailer->requestAccessEmail($requestAccess$userRepo$isCustomerAccountDomain);
  71.                     $site="OverseasXpress";
  72.                     if($isCustomerAccountDomain){
  73.                         $site="GTN Xpress";
  74.                     }
  75.                     throw new \Exception("Thank you for your interest in ".$site.". One of our agents has received your request to access the platform. We will get back to you after reviewing your information.""200");
  76.                 }
  77.             }else{
  78.                 throw new \Exception("Validation Error""400");
  79.             }
  80.         } catch (\Exception $e) {
  81.             if ($e->getCode() == 200) {
  82.                 $this->addFlash('success'$e->getMessage());
  83.             } else {
  84.                 $this->addFlash('error'$e->getMessage());
  85.                 $arrayResponse = array('requestAccessTab' => true);
  86.             }
  87.         }
  88.         return $this->redirectToRoute("login"$arrayResponse);
  89.     }
  90.     /**
  91.      * @Route("/status", name="status")
  92.      */
  93.     public function statusAction(): JsonResponse
  94.     {
  95.         return JsonResponse::fromJsonString('{"status": "ok"}');
  96.     }
  97.     /**
  98.      * @Route("/{userToken}",name="login", methods={"GET","POST"},defaults={"userToken"=false})
  99.      * @param AuthenticationUtils $authenticationUtils
  100.      * @return Response
  101.      */
  102.     public function login(AuthenticationUtils $authenticationUtilsRequest $request,GuardAuthenticatorHandler $guardLoginFormAuthenticator $loginAuthenticator,$userToken=null): Response
  103.     {
  104.         //Try to login with token
  105.         if($userToken){
  106.             $em $this->getDoctrine()->getManager();;
  107.             if ($user $em->getRepository(User::class)->findOneBy(['sessionToken' => $userToken])) {
  108.                 $user->resetSessionToken();
  109.                 $em->persist($user);
  110.                 $em->flush();
  111.                 // Authenticate user
  112.                 $guard->authenticateUserAndHandleSuccess(
  113.                     $user,
  114.                     $request,
  115.                     $loginAuthenticator,
  116.                     'main'
  117.                 );
  118.                 return $this->redirectToRoute("search");
  119.             }
  120.         }
  121.         $openGetStarted=false;
  122.         $this->initSessionVar();
  123.         $requestAccess = new RequestAccess();
  124.         if($requestQuery=$request->query->all()){
  125.             if(key_exists('ref',$requestQuery)){
  126.                 if ($userDB $this->getDoctrine()->getRepository(User::class)->findOneBy(["ownershipLink" => trim($requestQuery['ref'])])) {
  127.                     $requestAccess->setOwnershipLink($userDB->getName());
  128.                     $openGetStarted=true;
  129.                 }else{
  130.                     $requestAccess->setOwnershipLink($requestQuery['ref']);
  131.                 }
  132.             }
  133.         }
  134.         $form $this->createForm(RequestAccessType::class, $requestAccess,['doFilterByCustomerAccount'=>$this->getCustomerAccountDomain(true)]);
  135.         $requestAccessTab $request->query->get('requestAccessTab');
  136.         // get the login error if there is one
  137.         $error $authenticationUtils->getLastAuthenticationError();
  138.         // last username entered by the user
  139.         $lastUsername $authenticationUtils->getLastUsername();
  140.         return $this->render('login/login.html.twig', [
  141.             'last_username' => $lastUsername,
  142.             'error' => $error,
  143.             'requestAccessForm' => $form->createView(),
  144.             'requestAccessTab' => $requestAccessTab,
  145.             'openGetStarted' => $openGetStarted
  146.         ]);
  147.     }
  148.     /**
  149.      * @Route(path="/login/forgotPassword", name="forgotPassword", methods={"GET","POST"})
  150.      * @param Request $request
  151.      * @param AccountMailer $mailer
  152.      * @return Response
  153.      */
  154.     public function forgotPassword(Request $requestAccountMailer $mailer): Response
  155.     {
  156.         $this->initSessionVar();
  157.         if ($request->isMethod('post')) {
  158.             $forgotPassword = new ForgotPassword();
  159.             $form $this->createForm(ForgotPasswordType::class, $forgotPassword);
  160.             $form->submit($request->request->all());
  161.             if ($form->isValid()) {
  162.                 try {
  163.                     $userRepo $this->getDoctrine()->getRepository(User::class);
  164.                     if (!$user $userRepo->findOneBy(array('email' => $forgotPassword->getEmail()))) {
  165.                         //As per the PEN test folks, we should always send the same message whether we found the email or not.
  166.                         //throw new \Exception("Email not found", "400");
  167.                         throw new \Exception("You'll receive an email with the instructions to reset your password if the specified email is associated with an account.""200");
  168.                     }
  169.                     $user->createNewResetToken();
  170.                     $this->getDoctrine()->getManager()->flush();
  171.                     $mailer->forgotPasswordEmail($user);
  172.                     throw new \Exception("You'll receive an email with the instructions to reset your password if the specified email is associated with an account.""200");
  173.                 } catch (\Exception $e) {
  174.                     if ($e->getCode() == 200) {
  175.                         $this->addFlash('success'$e->getMessage());
  176.                     } else {
  177.                         $this->addFlash('error'$e->getMessage());
  178.                     }
  179.                 }
  180.             }
  181.         }
  182.         return $this->render('login/forgotPassword.html.twig');
  183.     }
  184.     /**
  185.      * @Route(path="/resetPassword/{userToken}/{setReset}/{createPassword}" , name="resetPassword", methods={"GET","POST"})
  186.      * @param Request $request
  187.      * @param UserPasswordEncoderInterface $encoder
  188.      * @param $userToken
  189.      * @param $setReset
  190.      * @param $createPassword
  191.      * @return Response
  192.      */
  193.     public function resetPassword(Request $request,UserPasswordEncoderInterface $encoder$userToken$setReset=false$createPassword=false): Response
  194.     {
  195.         $this->initSessionVar();
  196.         if ($request->isMethod('post')) {
  197.             $resetPassword = new ResetPassword();
  198.             $form $this->createForm(ResetPasswordType::class, $resetPassword);
  199.             $form->submit($request->request->all());
  200.             if ($form->isValid()) {
  201.                 try {
  202.                     $em $this->getDoctrine()->getManager();
  203.                     $userRepo $em->getRepository(User::class);
  204.                     if (!$user $userRepo->findOneBy(array('resetPasswordToken' => $resetPassword->getUserToken()))) {
  205.                         throw new \Exception("Token not valid""400");
  206.                     }
  207.                     $user->setPassword($encoder->encodePassword($user$resetPassword->getPassword()));
  208.                     $user->setResetPasswordToken(null);
  209.                     $user->resetPasswordRules();
  210.                     $em->persist($user);
  211.                     $em->flush();
  212.                     $resetText $setReset == '1'?'set':'reset';
  213.                     $resetText =$createPassword?'created':$resetText;
  214.                     throw new \Exception("Your password has been $resetText successfully""200");
  215.                 } catch (\Exception $e) {
  216.                     if ($e->getCode() == 200) {
  217.                         $this->addFlash('success'$e->getMessage());
  218.                         return $this->redirectToRoute('login');
  219.                     } else {
  220.                         $this->addFlash('error'$e->getMessage());
  221.                     }
  222.                 }
  223.             } else {
  224.                 $this->addFlash('error','form error');
  225.             }
  226.         }
  227.         return $this->render('login/resetPassword.html.twig',
  228.             array(
  229.                 'userToken' => $userToken,
  230.                 'setReset' => $setReset,
  231.                 'createPassword'=>$createPassword
  232.             ));
  233.     }
  234. }