src/Controller/LoginController.php line 137

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: Ronald
  5.  * Date: 12/23/2019
  6.  * Time: 4:31 PM
  7.  */
  9. namespace App\Controller;
  11. use App\Entity\CustomerAccount;
  12. use App\Entity\RequestAccess;
  13. use App\Entity\User;
  14. use App\Form\Login\ForgotPasswordType;
  15. use App\Form\Login\ResetPasswordType;
  16. use App\Form\Login\RequestAccessType;
  17. use App\GoogleAPI\GoogleApi;
  18. use App\Mailer\AccountMailer;
  19. use App\Mailer\Mailer;
  20. use App\Model\Login\ForgotPassword;
  21. use App\Model\Login\ResetPassword;
  22. use App\Repository\UserRepository;
  23. use App\Security\LoginFormAuthenticator;
  24. use ReCaptcha\ReCaptcha;
  25. use Symfony\Component\HttpFoundation\JsonResponse;
  26. use Symfony\Component\Routing\Annotation\Route;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\HttpFoundation\Request;
  29. use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  30. use Symfony\Component\Security\Guard\GuardAuthenticatorHandler;
  31. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  33. use Symfony\Component\Mailer\MailerInterface;
  34. use Symfony\Component\Mime\Email;
  36. /**
  37.  * Class LoginController
  38.  * @package App\Controller
  39.  */
  40. class LoginController extends BaseController
  41. {
  42.     /**
  43.      * @Route("/requestAccess", name="request_access", methods={"POST"})
  44.      * @param Request $request
  45.      * @param AccountMailer $mailer
  46.      * @param GoogleApi $googleApi
  47.      * @param UserRepository $userRepository
  48.      * @return Response
  49.      */
  50.     public function requestAccess(Request $requestAccountMailer $mailer,GoogleApi $googleApiUserRepository $userRepo): Response
  51.     {
  52.         $arrayResponse = array();
  53.         try {
  54.             $requestAccess = new RequestAccess();
  55.             $form $this->createForm(RequestAccessType::class, $requestAccess);
  56.             $form->submit($request->request->get('request_access'));
  58.             $recaptcha = new ReCaptcha($_ENV['GOOGLE_RECAPTCHA_SECRET']);
  59.             $token $request->request->get('recaptcha_response')??"";
  60.             $resp $recaptcha->verify($token$request->getClientIp());
  62.             if ($form->isValid()) {
  63.                 if (!$resp->isSuccess()){
  64.                     throw new \Exception("Recaptcha Error""400");
  65.                 }
  67.                 if ($user $userRepo->findOneBy(array('email' => $requestAccess->getEmail()))) {
  68.                     $this->addFlash('warning'$requestAccess->getEmail().' is already in our system. Try resetting your password with \'Forgot Password\'.');
  69.                     $mailer->forgotPasswordEmail($user);
  70.                     $arrayResponse = array('requestAccessTab' => false);
  71.                 } else {
  72.                     $this->setAddressFromGoogle($googleApi,$requestAccess);
  73.                     $entityManager $this->getDoctrine()->getManager();
  74.                     $entityManager->persist($requestAccess);
  75.                     $entityManager->flush();
  77.                     $isCustomerAccountDomain=$this->getCustomerAccountDomain();
  79.                     $mailer->requestAccessEmail($requestAccess$userRepo$isCustomerAccountDomain);
  81.                     $site="OverseasXpress";
  82.                     if($isCustomerAccountDomain){
  83.                         $site="GTN Xpress";
  84.                     }
  85.                     throw new \Exception("Thank you for your interest in ".$site.". One of our agents has received your request to access the platform. We will get back to you after reviewing your information.""200");
  86.                 }
  87.             }else{
  88.                 throw new \Exception("Validation Error""400");
  89.             }
  90.         } catch (\Exception $e) {
  91.             if ($e->getCode() == 200) {
  92.                 $this->addFlash('success'$e->getMessage());
  93.             } else {
  94.                 $this->addFlash('error'$e->getMessage());
  95.                 $arrayResponse = array('requestAccessTab' => true);
  96.             }
  97.         }
  99.         return $this->redirectToRoute("login"$arrayResponse);
  100.     }
  102.     /**
  103.      * @Route("/status", name="status")
  104.      */
  105.     public function statusAction(): JsonResponse
  106.     {
  107.         return JsonResponse::fromJsonString('{"status": "ok"}');
  108.     }
  110.     /**
  111.      * @Route("/{userToken}",name="login", methods={"GET","POST"},defaults={"userToken"=false})
  112.      * @param AuthenticationUtils $authenticationUtils
  113.      * @return Response
  114.      */
  115.     public function login(AuthenticationUtils $authenticationUtilsRequest $request,GuardAuthenticatorHandler $guardLoginFormAuthenticator $loginAuthenticator,$userToken=null): Response
  116.     {
  117.         //Try to login with token
  118.         if($userToken){
  119.             $em $this->getDoctrine()->getManager();;
  120.             if ($user $em->getRepository(User::class)->findOneBy(['sessionToken' => $userToken])) {
  121.                 $user->resetSessionToken();
  122.                 $em->persist($user);
  123.                 $em->flush();
  125.                 // Authenticate user
  126.                 $guard->authenticateUserAndHandleSuccess(
  127.                     $user,
  128.                     $request,
  129.                     $loginAuthenticator,
  130.                     'main'
  131.                 );
  132.                 return $this->redirectToRoute("search");
  133.             }
  134.         }
  136.         $openGetStarted=false;
  137.         $this->initSessionVar();
  138.         $requestAccess = new RequestAccess();
  139.         if($requestQuery=$request->query->all()){
  140.             if(key_exists('ref',$requestQuery)){
  141.                 if ($userDB $this->getDoctrine()->getRepository(User::class)->findOneBy(["ownershipLink" => trim($requestQuery['ref'])])) {
  142.                     $requestAccess->setOwnershipLink($userDB->getName());
  143.                     $openGetStarted=true;
  144.                 }else{
  145.                     $requestAccess->setOwnershipLink($requestQuery['ref']);
  146.                 }
  147.             }
  148.         }
  149.         $form $this->createForm(RequestAccessType::class, $requestAccess,['doFilterByCustomerAccount'=>$this->getCustomerAccountDomain(true)]);
  150.         $requestAccessTab $request->query->get('requestAccessTab');
  152.         // get the login error if there is one
  153.         $error $authenticationUtils->getLastAuthenticationError();
  154.         // last username entered by the user
  155.         $lastUsername $authenticationUtils->getLastUsername();
  157.         return $this->render('login/login.html.twig', [
  158.             'last_username' => $lastUsername,
  159.             'error' => $error,
  160.             'requestAccessForm' => $form->createView(),
  161.             'requestAccessTab' => $requestAccessTab,
  162.             'openGetStarted' => $openGetStarted
  163.         ]);
  164.     }
  166.     /**
  167.      * @Route(path="/login/forgotPassword", name="forgotPassword", methods={"GET","POST"})
  168.      * @param Request $request
  169.      * @param AccountMailer $mailer
  170.      * @return Response
  171.      */
  172.     public function forgotPassword(Request $requestAccountMailer $mailer): Response
  173.     {
  174.         $this->initSessionVar();
  175.         if ($request->isMethod('post')) {
  177.             $forgotPassword = new ForgotPassword();
  178.             $form $this->createForm(ForgotPasswordType::class, $forgotPassword);
  179.             $form->submit($request->request->all());
  180.             if ($form->isValid()) {
  181.                 try {
  182.                     $userRepo $this->getDoctrine()->getRepository(User::class);
  184.                     if (!$user $userRepo->findOneBy(array('email' => $forgotPassword->getEmail()))) {
  185.                         //As per the PEN test folks, we should always send the same message whether we found the email or not.
  186.                         //throw new \Exception("Email not found", "400");
  187.                         throw new \Exception("You'll receive an email with the instructions to reset your password if the specified email is associated with an account.""200");
  189.                     }
  190.                     $user->createNewResetToken();
  192.                     $this->getDoctrine()->getManager()->flush();
  193.                     $mailer->forgotPasswordEmail($user);
  194.                     throw new \Exception("You'll receive an email with the instructions to reset your password if the specified email is associated with an account.""200");
  196.                 } catch (\Exception $e) {
  197.                     if ($e->getCode() == 200) {
  198.                         $this->addFlash('success'$e->getMessage());
  199.                     } else {
  200.                         $this->addFlash('error'$e->getMessage());
  201.                     }
  202.                 }
  203.             }
  204.         }
  206.         return $this->render('login/forgotPassword.html.twig');
  208.     }
  210.     /**
  211.      * @Route(path="/resetPassword/{userToken}/{setReset}/{createPassword}" , name="resetPassword", methods={"GET","POST"})
  212.      * @param Request $request
  213.      * @param UserPasswordEncoderInterface $encoder
  214.      * @param $userToken
  215.      * @param $setReset
  216.      * @param $createPassword
  217.      * @return Response
  218.      */
  219.     public function resetPassword(Request $request,UserPasswordEncoderInterface $encoder$userToken$setReset=false$createPassword=false): Response
  220.     {
  221.         $this->initSessionVar();
  222.         if ($request->isMethod('post')) {
  224.             $resetPassword = new ResetPassword();
  225.             $form $this->createForm(ResetPasswordType::class, $resetPassword);
  226.             $form->submit($request->request->all());
  227.             if ($form->isValid()) {
  228.                 try {
  229.                     $em $this->getDoctrine()->getManager();
  230.                     $userRepo $em->getRepository(User::class);
  232.                     if (!$user $userRepo->findOneBy(array('resetPasswordToken' => $resetPassword->getUserToken()))) {
  233.                         throw new \Exception("Token not valid""400");
  234.                     }
  235.                     $user->setPassword($encoder->encodePassword($user$resetPassword->getPassword()));
  236.                     $user->setResetPasswordToken(null);
  237.                     $user->resetPasswordRules();
  238.                     $em->persist($user);
  239.                     $em->flush();
  241.                     $resetText $setReset == '1'?'set':'reset';
  242.                     $resetText =$createPassword?'created':$resetText;
  244.                     throw new \Exception("Your password has been $resetText successfully""200");
  246.                 } catch (\Exception $e) {
  247.                     if ($e->getCode() == 200) {
  248.                         $this->addFlash('success'$e->getMessage());
  249.                         return $this->redirectToRoute('login');
  250.                     } else {
  251.                         $this->addFlash('error'$e->getMessage());
  252.                     }
  253.                 }
  254.             } else {
  255.                 $this->addFlash('error','form error');
  256.             }
  257.         }
  259.         return $this->render('login/resetPassword.html.twig',
  260.             array(
  261.                 'userToken' => $userToken,
  262.                 'setReset' => $setReset,
  263.                 'createPassword'=>$createPassword
  264.             ));
  266.     }
  267. }