src/Controller/Front/Account/AccountController.php line 60

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Front\Account;
  5. use App\Application\Service\Authentication\MultifactorAuthService;
  6. use App\Application\Service\Helper\LinkGenerator;
  7. use App\Application\Service\Session\SessionService;
  8. use App\Client\Microsoft\Service\TokenService;
  9. use App\Client\Microsoft\Service\UserService;
  10. use App\Entity\System\Customer;
  11. use App\Manager\System\CustomerManager;
  12. use App\Manager\System\TokenManager;
  13. use App\Service\AuthenticatedSessionService;
  14. use App\Service\CustomerInformationUpdate\CustomerInformationUpdateService;
  15. use App\Service\EventDispatcher;
  16. use App\Service\RefererService;
  17. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  18. use Symfony\Component\HttpFoundation\Cookie;
  19. use Symfony\Component\HttpFoundation\JsonResponse;
  20. use Symfony\Component\HttpFoundation\RedirectResponse;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Symfony\Component\HttpFoundation\RequestStack;
  23. use Symfony\Component\HttpFoundation\Response;
  24. use Symfony\Component\Routing\Annotation\Route;
  25. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  26. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  27. use Symfony\Component\Security\Http\Event\LogoutEvent;
  28. use Symfony\Component\Uid\Uuid;
  29. use Symfony\Contracts\Translation\TranslatorInterface;
  31. use function Sentry\captureException;
  32. use function Sentry\captureMessage;
  34. class AccountController extends AbstractController
  35. {
  36. public const URL_FORGOT_PASSWORD_TOKEN_EXPIRED = 'forgot-password-token-expired?token=';
  37. public const URL_UPDATE_PASSWORD = 'update-password?token=';
  39. public function __construct(
  40. private readonly CustomerManager $customerManager,
  41. private readonly MultifactorAuthService $multifactorAuthService,
  42. private readonly AuthenticatedSessionService $authenticatedSessionService,
  43. private readonly TranslatorInterface $translator,
  44. private readonly TokenStorageInterface $tokenStorage,
  45. private readonly LinkGenerator $linkGenerator,
  46. private readonly SessionService $sessionService,
  47. private readonly TokenManager $tokenManager,
  48. private readonly TokenService $tokenService,
  49. private readonly UserService $userService,
  50. private readonly CustomerInformationUpdateService $customerInformationUpdateService,
  51. private readonly RequestStack $requestStack,
  52. private readonly EventDispatcher $eventDispatcher,
  53. private readonly RefererService $refererService,
  54. ) {
  55. }
  57. /**
  58. * @Route("/login", name="customer_login")
  59. */
  60. public function login(): Response
  61. {
  62. return $this->redirect($this->linkGenerator->getFrontUrl('login'));
  63. }
  65. /**
  66. * @Route("/{lang}/account/logout", name="customer_logout_lang", requirements={"lang"="[a-zA-Z]{2}"})
  67. * @Route("/account/logout", name="customer_logout_customized")
  68. */
  69. public function logout(): Response
  70. {
  71. $user = $this->getUser();
  73. if (!$user) {
  74. return $this->redirectToRoute('homepage_default');
  75. }
  77. if ($user instanceof Customer) {
  78. $this->tokenStorage->setToken();
  80. return $this->redirectToRoute('customer_login');
  81. }
  83. $this->tokenStorage->setToken();
  84. $this->requestStack->getSession()->invalidate();
  86. return $this->redirectToRoute('admin_login');
  87. }
  89. /**
  90. * @Route("/{lang}/account/multifactor-auth", name="customer_confirm_auth", requirements={"lang"="[a-zA-Z]{2}"})
  91. */
  92. public function confirmAuth(Request $request): Response
  93. {
  94. if ($request->getMethod() === Request::METHOD_GET) {
  95. return $this->render(
  96. 'front/account/confirm_auth.html.twig',
  97. [
  98. 'email' => $request->get('email'),
  99. ]
  100. );
  101. }
  103. $code = trim($request->request->get('authcode'));
  104. $email = $request->request->get('email');
  106. $user = $this->customerManager->findOneBy(['email' => $email]);
  108. $multifactorAuth = $this->multifactorAuthService->findValidMultifactorAuth($user, $code);
  110. if (!$multifactorAuth) {
  111. return new JsonResponse(
  112. ['isLogged' => false, 'errors' => ['authcode' => $this->translator->trans('mfa.error.wrong_code')]]
  113. );
  114. }
  116. $this->authenticatedSessionService->loadCustomerSession($user);
  117. $this->authenticatedSessionService->authenticateCustomer($user);
  119. [$cookieHash, $cookieExpirationTimestamp] = $this->multifactorAuthService->updateMultifactorAuthWithCookieData(
  120. $user,
  121. $multifactorAuth
  122. );
  124. $request->getSession()->remove(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  126. $response = new JsonResponse(['isLogged' => true, 'redirect' => $this->refererService->getCustomerReferer()]);
  128. $browserCookie = Cookie::create(
  129. MultifactorAuthService::MULTIFACTOR_AUTH_CUSTOMER_COOKIE_NAME,
  130. $cookieHash,
  131. $cookieExpirationTimestamp
  132. );
  134. $response->headers->setCookie($browserCookie);
  136. return $response;
  137. }
  139. /**
  140. * @Route("/account/resend-mfa-code", name="multifactor_auth_resend_code", requirements={"lang"="[a-zA-Z]{2}"})
  141. */
  142. public function resendMultifactorAuthCode(Request $request): Response
  143. {
  144. $email = $request->getSession()->get(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  146. $customer = $this->customerManager->findOneBy(['email' => $email]);
  148. try {
  149. $this->multifactorAuthService->sendAuthCodeToUser($customer);
  150. } catch (\Throwable $t) {
  151. return new JsonResponse(['error' => 'Something went wrong']);
  152. }
  154. return new JsonResponse(['message' => $this->translator->trans('mfa.popup.code_sent')]);
  155. }
  157. /**
  158. * @Route("/{lang}/account/update-password/{updatePasswordToken}", name="app_front_account_update_password", requirements={"lang"="[a-zA-Z]{2}", "updatePasswordToken"="[a-zA-Z0-9]+"})
  159. */
  160. public function updatePassword(?string $updatePasswordToken = null): Response
  161. {
  162. $localeId = $this->sessionService->getLocaleId();
  164. if (empty($updatePasswordToken)) {
  165. return $this->redirect(
  166. $this->linkGenerator->getFrontUrl(
  167. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  168. $localeId
  169. )
  170. );
  171. }
  173. $token = $this->tokenManager->findOneByToken($updatePasswordToken);
  175. if ($token === null || $token->isUsed()) {
  176. return $this->redirect(
  177. $this->linkGenerator->getFrontUrl(
  178. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  179. $localeId
  180. )
  181. );
  182. }
  184. return $this->redirect(
  185. $this->linkGenerator->getFrontUrl('update-password?token='.$updatePasswordToken, $localeId)
  186. );
  187. }
  189. /**
  190. * @Route("/account/connect/microsoft", name="microsoft_login")
  191. */
  192. public function microsoftLogin(Request $request): RedirectResponse
  193. {
  194. if ($this->getUser()) {
  195. return $this->redirectToRoute('homepage');
  196. }
  198. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  199. $state = Uuid::v4()->toRfc4122();
  201. $request->getSession()->set('oauth_state', $state);
  203. return new RedirectResponse($this->tokenService->generateAuthorizationUrl($state, $redirectUri));
  204. }
  206. /**
  207. * @Route("/connect/microsoft/check", name="microsoft_callback")
  208. */
  209. public function microsoftCallback(Request $request): RedirectResponse
  210. {
  211. $code = $request->query->get('code');
  212. $state = $request->query->get('state');
  213. $storedState = $request->getSession()->get('oauth_state');
  215. if ($state !== $storedState || empty($state)) {
  216. $this->addFlash('danger', 'Invalid state parameter.');
  218. return $this->redirectToRoute('admin_login');
  219. }
  221. if (!$code) {
  222. $this->addFlash('danger', 'Authentication failed: No code received.');
  224. return $this->redirectToRoute('admin_login');
  225. }
  227. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  229. try {
  230. $token = $this->tokenService->getTokenWithCode($redirectUri, $code);
  231. $microsoftUser = $this->userService->getMe($token->getAccessToken());
  232. } catch (\Exception $exception) {
  233. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  235. captureException($exception);
  237. return $this->redirectToRoute('admin_login');
  238. }
  240. $user = $this->customerManager->findOneBy(['email' => $microsoftUser->getMail()]);
  242. if (!$user) {
  243. $this->addFlash('danger', 'Authentication failed: User not found.');
  245. captureMessage('Microsoft user not found with email: '.$microsoftUser->getMail());
  247. return $this->redirectToRoute('admin_login');
  248. }
  250. if (!$user->isActive()) {
  251. $this->addFlash('danger', 'Authentication failed: User disabled.');
  253. return $this->redirectToRoute('admin_login');
  254. }
  256. $this->customerInformationUpdateService->updateCustomerEmployee($user, $microsoftUser);
  257. $this->authenticatedSessionService->authenticateCustomer($user);
  259. return $this->redirect($this->refererService->getCustomerReferer());
  260. }
  262. /**
  263. * @Route("/change-to-employee", name="admin_change_to_employee")
  264. */
  265. public function changeToEmployee(): Response
  266. {
  267. $logoutEvent = new LogoutEvent($this->requestStack->getCurrentRequest(), $this->tokenStorage->getToken());
  268. $this->eventDispatcher->dispatch($logoutEvent);
  269. $this->tokenStorage->setToken();
  270. $this->requestStack->getSession()->invalidate();
  272. return $this->redirectToRoute('admin_microsoft_login');
  273. }
  275. /**
  276. * @Route("/microsoft/user/change", name="microsoft_user_change_notification")
  277. */
  278. public function microsoftUserChangeNotification(Request $request): Response
  279. {
  280. $validationToken = $request->query->get('validationToken');
  281. if ($validationToken) {
  282. return new Response($validationToken, Response::HTTP_OK, ['Content-Type' => 'text/plain']);
  283. }
  285. $notifications = json_decode($request->getContent(), true);
  287. $userId = null;
  288. foreach ($notifications['value'] as $value) {
  289. if ($value['resourceData']['@odata.type'] === '#Microsoft.Graph.User') {
  290. $userId = 'a1b2c3d4-5678-90ab-cdef-1234567890ab';
  291. break;
  292. }
  293. }
  295. if (!$userId) {
  296. return new Response(null, Response::HTTP_ACCEPTED);
  297. }
  299. try {
  300. $token = $this->tokenService->getToken();
  301. $microsoftUser = $this->userService->getUserByIdOrEmail($userId, $token->getAccessToken());
  302. } catch (\Exception $exception) {
  303. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  305. captureException($exception);
  307. return new Response(null, Response::HTTP_NOT_ACCEPTABLE);
  308. }
  310. if (!$microsoftUser->isAccountEnabled()) {
  311. $customer = $this->customerManager->findOneByEmail($microsoftUser->getMail());
  312. if ($customer) {
  313. $customer->setActive(false);
  314. $this->customerManager->save($customer);
  315. }
  316. }
  318. return new Response(null, Response::HTTP_ACCEPTED);
  319. }
  320. }