src/Controller/Front/Account/AccountController.php line 152

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Front\Account;
  5. use App\Application\Service\Authentication\MultifactorAuthService;
  6. use App\Application\Service\Helper\LinkGenerator;
  7. use App\Application\Service\Helper\ToolsService;
  8. use App\Application\Service\Session\SessionService;
  9. use App\Client\Microsoft\Service\TokenService;
  10. use App\Client\Microsoft\Service\UserService;
  11. use App\Entity\System\Customer;
  12. use App\Entity\System\Employee;
  13. use App\Manager\System\CustomerManager;
  14. use App\Manager\System\TokenManager;
  15. use App\Service\AuthenticatedSessionService;
  16. use App\Service\CustomerInformationUpdate\CustomerInformationUpdateService;
  17. use App\Service\EnvironmentService;
  18. use App\Service\EventDispatcher;
  19. use App\ViewManager\Landing\LandingService;
  20. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  21. use Symfony\Component\HttpFoundation\Cookie;
  22. use Symfony\Component\HttpFoundation\JsonResponse;
  23. use Symfony\Component\HttpFoundation\RedirectResponse;
  24. use Symfony\Component\HttpFoundation\Request;
  25. use Symfony\Component\HttpFoundation\RequestStack;
  26. use Symfony\Component\HttpFoundation\Response;
  27. use Symfony\Component\Routing\Annotation\Route;
  28. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  29. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  30. use Symfony\Component\Security\Http\Event\LogoutEvent;
  31. use Symfony\Component\Uid\Uuid;
  32. use Symfony\Contracts\Translation\TranslatorInterface;
  34. use function Sentry\captureException;
  35. use function Sentry\captureMessage;
  37. class AccountController extends AbstractController
  38. {
  39. public const URL_FORGOT_PASSWORD_TOKEN_EXPIRED = 'forgot-password-token-expired?token=';
  40. public const URL_UPDATE_PASSWORD = 'update-password?token=';
  42. private CustomerManager $customerManager;
  43. private MultifactorAuthService $multifactorAuthService;
  44. private AuthenticatedSessionService $authenticatedSessionService;
  45. private TranslatorInterface $translator;
  46. private TokenStorageInterface $tokenStorage;
  47. private LandingService $landingService;
  48. private LinkGenerator $linkGenerator;
  49. private SessionService $sessionService;
  50. private TokenManager $tokenManager;
  51. private ToolsService $toolsService;
  52. private TokenService $tokenService;
  53. private UserService $userService;
  54. private EnvironmentService $environmentService;
  55. private CustomerInformationUpdateService $customerInformationUpdateService;
  56. private RequestStack $requestStack;
  57. private EventDispatcher $eventDispatcher;
  59. public function __construct(
  60. CustomerManager $customerManager,
  61. MultifactorAuthService $multifactorAuthService,
  62. AuthenticatedSessionService $authenticatedSessionService,
  63. TranslatorInterface $translator,
  64. TokenStorageInterface $tokenStorage,
  65. LandingService $landingService,
  66. LinkGenerator $linkGenerator,
  67. SessionService $sessionService,
  68. TokenManager $tokenManager,
  69. ToolsService $toolsService,
  70. TokenService $tokenService,
  71. UserService $userService,
  72. EnvironmentService $environmentService,
  73. CustomerInformationUpdateService $customerInformationUpdateService,
  74. RequestStack $requestStack,
  75. EventDispatcher $eventDispatcher
  76. ) {
  77. $this->customerManager = $customerManager;
  78. $this->multifactorAuthService = $multifactorAuthService;
  79. $this->authenticatedSessionService = $authenticatedSessionService;
  80. $this->translator = $translator;
  81. $this->tokenStorage = $tokenStorage;
  82. $this->landingService = $landingService;
  83. $this->linkGenerator = $linkGenerator;
  84. $this->sessionService = $sessionService;
  85. $this->tokenManager = $tokenManager;
  86. $this->toolsService = $toolsService;
  87. $this->tokenService = $tokenService;
  88. $this->userService = $userService;
  89. $this->environmentService = $environmentService;
  90. $this->customerInformationUpdateService = $customerInformationUpdateService;
  91. $this->requestStack = $requestStack;
  92. $this->eventDispatcher = $eventDispatcher;
  93. }
  95. /**
  96. * @Route("/login", name="customer_login")
  97. */
  98. public function login(): Response
  99. {
  100. return $this->redirect($this->linkGenerator->getFrontUrl('login'));
  101. }
  103. /**
  104. * @Route("/{lang}/account/popuplogin", name="customer_popuplogin_lang", requirements={"lang"="[a-zA-Z]{2}"})
  105. * @Route("/account/popuplogin", name="customer_popuplogin")
  106. */
  107. public function loginPopUp(Request $request): Response
  108. {
  109. $user = $this->getUser();
  111. if ($request->isXmlHttpRequest()) {
  112. if ($user) {
  113. return new Response('Already logged');
  114. }
  116. return $this->render(
  117. 'front/account/'.($this->toolsService::isMobile() ? 'mobile_login.html.twig' : 'login.html.twig'),
  118. );
  119. }
  121. if (!$user) {
  122. $sfRedirect = json_decode($request->cookies->get('sf_redirect'), true);
  124. if (str_contains($request->headers->get('referer'), '/admin')
  125. || (isset($sfRedirect['route']) && str_contains($sfRedirect['route'], 'admin'))) {
  126. return $this->redirectToRoute('admin_login');
  127. }
  129. if ($this->environmentService->isProd()) {
  130. return $this->redirect($this->linkGenerator->getFrontUrl('login'));
  131. }
  133. return $this->render(
  134. 'front/account/base_login.html.twig',
  135. [
  136. 'landingHtml' => $this->landingService->getLandingContentInternal('bigbuyLogin'),
  137. ]
  138. );
  139. }
  141. if ($user instanceof Employee) {
  142. return $this->redirectToRoute('admin_dashboard_index');
  143. }
  145. return $this->redirectToRoute('homepage');
  146. }
  148. /**
  149. * @Route("/{lang}/account/logout", name="customer_logout_lang", requirements={"lang"="[a-zA-Z]{2}"})
  150. * @Route("/account/logout", name="customer_logout_customized")
  151. */
  152. public function logout(Request $request): Response
  153. {
  154. $user = $this->getUser();
  156. if (!$user) {
  157. return $this->redirectToRoute('homepage');
  158. }
  160. if ($user instanceof Customer) {
  161. $refererUrl = $request->headers->get('referer');
  162. $this->authenticatedSessionService->logoutLegacy();
  163. $this->tokenStorage->setToken();
  165. if ($refererUrl !== null) {
  166. return $this->redirect($refererUrl);
  167. }
  169. return $this->redirectToRoute('homepage');
  170. }
  172. $this->tokenStorage->setToken();
  173. $this->requestStack->getSession()->invalidate();
  175. return $this->redirectToRoute('admin_login');
  176. }
  178. /**
  179. * @Route("/{lang}/account/multifactor-auth", name="customer_confirm_auth", requirements={"lang"="[a-zA-Z]{2}"})
  180. */
  181. public function confirmAuth(Request $request): Response
  182. {
  183. if ($request->getMethod() === Request::METHOD_GET) {
  184. return $this->render(
  185. 'front/account/confirm_auth.html.twig',
  186. [
  187. 'email' => $request->get('email'),
  188. ]
  189. );
  190. }
  192. $code = trim($request->request->get('authcode'));
  193. $email = $request->request->get('email');
  195. $user = $this->customerManager->findOneBy(['email' => $email]);
  197. $multifactorAuth = $this->multifactorAuthService->findValidMultifactorAuth($user, $code);
  199. if (!$multifactorAuth) {
  200. return new JsonResponse(
  201. ['isLogged' => false, 'errors' => ['authcode' => $this->translator->trans('mfa.error.wrong_code')]]
  202. );
  203. }
  205. $this->authenticatedSessionService->loadCustomerSession($user);
  206. $this->authenticatedSessionService->authenticateCustomer($user);
  208. [$cookieHash, $cookieExpirationTimestamp] = $this->multifactorAuthService->updateMultifactorAuthWithCookieData(
  209. $user,
  210. $multifactorAuth
  211. );
  213. $request->getSession()->remove(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  215. $response = new JsonResponse(['isLogged' => true, 'redirect' => $this->sessionService->get('referer')]);
  217. $browserCookie = Cookie::create(
  218. MultifactorAuthService::MULTIFACTOR_AUTH_CUSTOMER_COOKIE_NAME,
  219. $cookieHash,
  220. $cookieExpirationTimestamp
  221. );
  223. $response->headers->setCookie($browserCookie);
  225. return $response;
  226. }
  228. /**
  229. * @Route("/account/resend-mfa-code", name="multifactor_auth_resend_code", requirements={"lang"="[a-zA-Z]{2}"})
  230. */
  231. public function resendMultifactorAuthCode(Request $request): Response
  232. {
  233. $email = $request->getSession()->get(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  235. $customer = $this->customerManager->findOneBy(['email' => $email]);
  237. try {
  238. $this->multifactorAuthService->sendAuthCodeToUser($customer);
  239. } catch (\Throwable $t) {
  240. return new JsonResponse(['error' => 'Something went wrong']);
  241. }
  243. return new JsonResponse(['message' => $this->translator->trans('mfa.popup.code_sent')]);
  244. }
  246. /**
  247. * @Route("/{lang}/account/update-password/{updatePasswordToken}", name="app_front_account_update_password", requirements={"lang"="[a-zA-Z]{2}", "updatePasswordToken"="[a-zA-Z0-9]+"})
  248. */
  249. public function updatePassword(?string $updatePasswordToken = null): Response
  250. {
  251. $localeId = $this->sessionService->getLocaleId();
  253. if (empty($updatePasswordToken)) {
  254. return $this->redirect(
  255. $this->linkGenerator->getFrontUrl(
  256. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  257. $localeId
  258. )
  259. );
  260. }
  262. $token = $this->tokenManager->findOneByToken($updatePasswordToken);
  264. if ($token === null || $token->isUsed()) {
  265. return $this->redirect(
  266. $this->linkGenerator->getFrontUrl(
  267. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  268. $localeId
  269. )
  270. );
  271. }
  273. return $this->redirect(
  274. $this->linkGenerator->getFrontUrl('update-password?token='.$updatePasswordToken, $localeId)
  275. );
  276. }
  278. /**
  279. * @Route("/account/connect/microsoft", name="microsoft_login")
  280. */
  281. public function microsoftLogin(Request $request): RedirectResponse
  282. {
  283. if ($this->getUser()) {
  284. return $this->redirectToRoute('homepage');
  285. }
  287. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  288. $state = Uuid::v4()->toRfc4122();
  290. $request->getSession()->set('oauth_state', $state);
  292. return new RedirectResponse($this->tokenService->generateAuthorizationUrl($state, $redirectUri));
  293. }
  295. /**
  296. * @Route("/connect/microsoft/check", name="microsoft_callback")
  297. */
  298. public function microsoftCallback(Request $request): RedirectResponse
  299. {
  300. $code = $request->query->get('code');
  301. $state = $request->query->get('state');
  302. $storedState = $request->getSession()->get('oauth_state');
  304. if ($state !== $storedState || empty($state)) {
  305. $this->addFlash('danger', 'Invalid state parameter.');
  307. return $this->redirectToRoute('admin_login');
  308. }
  310. if (!$code) {
  311. $this->addFlash('danger', 'Authentication failed: No code received.');
  313. return $this->redirectToRoute('admin_login');
  314. }
  316. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  318. try {
  319. $token = $this->tokenService->getTokenWithCode($redirectUri, $code);
  320. $microsoftUser = $this->userService->getMe($token->getAccessToken());
  321. } catch (\Exception $exception) {
  322. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  324. captureException($exception);
  326. return $this->redirectToRoute('admin_login');
  327. }
  329. $user = $this->customerManager->findOneBy(['email' => $microsoftUser->getMail()]);
  331. if (!$user) {
  332. $this->addFlash('danger', 'Authentication failed: User not found.');
  334. captureMessage('Microsoft user not found with email: '.$microsoftUser->getMail());
  336. return $this->redirectToRoute('admin_login');
  337. }
  339. if (!$user->isActive()) {
  340. $this->addFlash('danger', 'Authentication failed: User disabled.');
  342. return $this->redirectToRoute('admin_login');
  343. }
  345. $this->customerInformationUpdateService->updateCustomerEmployee($user, $microsoftUser);
  346. $this->authenticatedSessionService->authenticateCustomer($user);
  348. return $this->redirectToRoute('homepage');
  349. }
  351. /**
  352. * @Route("/change-to-employee", name="admin_change_to_employee")
  353. */
  354. public function changeToEmployee(): Response
  355. {
  356. $logoutEvent = new LogoutEvent($this->requestStack->getCurrentRequest(), $this->tokenStorage->getToken());
  357. $this->eventDispatcher->dispatch($logoutEvent);
  358. $this->tokenStorage->setToken();
  359. $this->requestStack->getSession()->invalidate();
  361. return $this->redirectToRoute('admin_microsoft_login');
  362. }
  364. /**
  365. * @Route("/microsoft/user/change", name="microsoft_user_change_notification")
  366. */
  367. public function microsoftUserChangeNotification(Request $request): Response
  368. {
  369. $validationToken = $request->query->get('validationToken');
  370. if ($validationToken) {
  371. return new Response($validationToken, Response::HTTP_OK, ['Content-Type' => 'text/plain']);
  372. }
  374. $notifications = json_decode($request->getContent(), true);
  376. $userId = null;
  377. foreach ($notifications['value'] as $value) {
  378. if ($value['resourceData']['@odata.type'] === '#Microsoft.Graph.User') {
  379. $userId = 'a1b2c3d4-5678-90ab-cdef-1234567890ab';
  380. break;
  381. }
  382. }
  384. if (!$userId) {
  385. return new Response(null, Response::HTTP_ACCEPTED);
  386. }
  388. try {
  389. $token = $this->tokenService->getToken();
  390. $microsoftUser = $this->userService->getUserByIdOrEmail($userId, $token->getAccessToken());
  391. } catch (\Exception $exception) {
  392. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  394. captureException($exception);
  396. return new Response(null, Response::HTTP_NOT_ACCEPTABLE);
  397. }
  399. if (!$microsoftUser->isAccountEnabled()) {
  400. $customer = $this->customerManager->findOneByEmail($microsoftUser->getMail());
  401. if ($customer) {
  402. $customer->setActive(false);
  403. $this->customerManager->save($customer);
  404. }
  405. }
  407. return new Response(null, Response::HTTP_ACCEPTED);
  408. }
  409. }