src/Controller/Front/Account/AccountController.php line 67

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Front\Account;
  5. use App\Application\Service\Authentication\MultifactorAuthService;
  6. use App\Application\Service\Helper\LinkGenerator;
  7. use App\Application\Service\Helper\ToolsService;
  8. use App\Application\Service\Session\SessionService;
  9. use App\Client\Microsoft\Service\TokenService;
  10. use App\Client\Microsoft\Service\UserService;
  11. use App\Entity\System\Customer;
  12. use App\Entity\System\Employee;
  13. use App\Manager\System\CustomerManager;
  14. use App\Manager\System\TokenManager;
  15. use App\Service\AuthenticatedSessionService;
  16. use App\Service\CustomerInformationUpdate\CustomerInformationUpdateService;
  17. use App\Service\EnvironmentService;
  18. use App\Service\EventDispatcher;
  19. use App\Service\RefererService;
  20. use App\ViewManager\Landing\LandingService;
  21. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  22. use Symfony\Component\HttpFoundation\Cookie;
  23. use Symfony\Component\HttpFoundation\JsonResponse;
  24. use Symfony\Component\HttpFoundation\RedirectResponse;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  27. use Symfony\Component\HttpFoundation\Response;
  28. use Symfony\Component\Routing\Annotation\Route;
  29. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  30. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  31. use Symfony\Component\Security\Http\Event\LogoutEvent;
  32. use Symfony\Component\Uid\Uuid;
  33. use Symfony\Contracts\Translation\TranslatorInterface;
  35. use function Sentry\captureException;
  36. use function Sentry\captureMessage;
  38. class AccountController extends AbstractController
  39. {
  40. public const URL_FORGOT_PASSWORD_TOKEN_EXPIRED = 'forgot-password-token-expired?token=';
  41. public const URL_UPDATE_PASSWORD = 'update-password?token=';
  43. public function __construct(
  44. private readonly CustomerManager $customerManager,
  45. private readonly MultifactorAuthService $multifactorAuthService,
  46. private readonly AuthenticatedSessionService $authenticatedSessionService,
  47. private readonly TranslatorInterface $translator,
  48. private readonly TokenStorageInterface $tokenStorage,
  49. private readonly LandingService $landingService,
  50. private readonly LinkGenerator $linkGenerator,
  51. private readonly SessionService $sessionService,
  52. private readonly TokenManager $tokenManager,
  53. private readonly ToolsService $toolsService,
  54. private readonly TokenService $tokenService,
  55. private readonly UserService $userService,
  56. private readonly EnvironmentService $environmentService,
  57. private readonly CustomerInformationUpdateService $customerInformationUpdateService,
  58. private readonly RequestStack $requestStack,
  59. private readonly EventDispatcher $eventDispatcher,
  60. private readonly RefererService $refererService,
  61. ) {
  62. }
  64. /**
  65. * @Route("/login", name="customer_login")
  66. */
  67. public function login(): Response
  68. {
  69. return $this->redirect($this->linkGenerator->getFrontUrl('login'));
  70. }
  72. /**
  73. * @Route("/{lang}/account/popuplogin", name="customer_popuplogin_lang", requirements={"lang"="[a-zA-Z]{2}"})
  74. * @Route("/account/popuplogin", name="customer_popuplogin")
  75. */
  76. public function loginPopUp(Request $request): Response
  77. {
  78. $user = $this->getUser();
  80. if ($request->isXmlHttpRequest()) {
  81. if ($user) {
  82. return new Response('Already logged');
  83. }
  85. return $this->render(
  86. 'front/account/'.($this->toolsService::isMobile() ? 'mobile_login.html.twig' : 'login.html.twig'),
  87. );
  88. }
  90. if (!$user) {
  91. if ($this->refererService->isAdminReferer()) {
  92. return $this->redirectToRoute('admin_login');
  93. }
  95. if ($this->environmentService->isProd()) {
  96. return $this->redirectToRoute('customer_login');
  97. }
  99. return $this->render(
  100. 'front/account/base_login.html.twig',
  101. [
  102. 'landingHtml' => $this->landingService->getLandingContentInternal('bigbuyLogin'),
  103. ]
  104. );
  105. }
  107. if ($user instanceof Employee) {
  108. return $this->redirectToRoute('admin_dashboard_index');
  109. }
  111. return $this->redirectToRoute('homepage');
  112. }
  114. /**
  115. * @Route("/{lang}/account/logout", name="customer_logout_lang", requirements={"lang"="[a-zA-Z]{2}"})
  116. * @Route("/account/logout", name="customer_logout_customized")
  117. */
  118. public function logout(): Response
  119. {
  120. $user = $this->getUser();
  122. if (!$user) {
  123. return $this->redirectToRoute('homepage_default');
  124. }
  126. if ($user instanceof Customer) {
  127. $this->tokenStorage->setToken();
  129. return $this->redirectToRoute('customer_login');
  130. }
  132. $this->tokenStorage->setToken();
  133. $this->requestStack->getSession()->invalidate();
  135. return $this->redirectToRoute('admin_login');
  136. }
  138. /**
  139. * @Route("/{lang}/account/multifactor-auth", name="customer_confirm_auth", requirements={"lang"="[a-zA-Z]{2}"})
  140. */
  141. public function confirmAuth(Request $request): Response
  142. {
  143. if ($request->getMethod() === Request::METHOD_GET) {
  144. return $this->render(
  145. 'front/account/confirm_auth.html.twig',
  146. [
  147. 'email' => $request->get('email'),
  148. ]
  149. );
  150. }
  152. $code = trim($request->request->get('authcode'));
  153. $email = $request->request->get('email');
  155. $user = $this->customerManager->findOneBy(['email' => $email]);
  157. $multifactorAuth = $this->multifactorAuthService->findValidMultifactorAuth($user, $code);
  159. if (!$multifactorAuth) {
  160. return new JsonResponse(
  161. ['isLogged' => false, 'errors' => ['authcode' => $this->translator->trans('mfa.error.wrong_code')]]
  162. );
  163. }
  165. $this->authenticatedSessionService->loadCustomerSession($user);
  166. $this->authenticatedSessionService->authenticateCustomer($user);
  168. [$cookieHash, $cookieExpirationTimestamp] = $this->multifactorAuthService->updateMultifactorAuthWithCookieData(
  169. $user,
  170. $multifactorAuth
  171. );
  173. $request->getSession()->remove(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  175. $response = new JsonResponse(['isLogged' => true, 'redirect' => $this->refererService->getCustomerReferer()]);
  177. $browserCookie = Cookie::create(
  178. MultifactorAuthService::MULTIFACTOR_AUTH_CUSTOMER_COOKIE_NAME,
  179. $cookieHash,
  180. $cookieExpirationTimestamp
  181. );
  183. $response->headers->setCookie($browserCookie);
  185. return $response;
  186. }
  188. /**
  189. * @Route("/account/resend-mfa-code", name="multifactor_auth_resend_code", requirements={"lang"="[a-zA-Z]{2}"})
  190. */
  191. public function resendMultifactorAuthCode(Request $request): Response
  192. {
  193. $email = $request->getSession()->get(MultifactorAuthService::SESSION_EMAIL_CUSTOMER_KEY);
  195. $customer = $this->customerManager->findOneBy(['email' => $email]);
  197. try {
  198. $this->multifactorAuthService->sendAuthCodeToUser($customer);
  199. } catch (\Throwable $t) {
  200. return new JsonResponse(['error' => 'Something went wrong']);
  201. }
  203. return new JsonResponse(['message' => $this->translator->trans('mfa.popup.code_sent')]);
  204. }
  206. /**
  207. * @Route("/{lang}/account/update-password/{updatePasswordToken}", name="app_front_account_update_password", requirements={"lang"="[a-zA-Z]{2}", "updatePasswordToken"="[a-zA-Z0-9]+"})
  208. */
  209. public function updatePassword(?string $updatePasswordToken = null): Response
  210. {
  211. $localeId = $this->sessionService->getLocaleId();
  213. if (empty($updatePasswordToken)) {
  214. return $this->redirect(
  215. $this->linkGenerator->getFrontUrl(
  216. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  217. $localeId
  218. )
  219. );
  220. }
  222. $token = $this->tokenManager->findOneByToken($updatePasswordToken);
  224. if ($token === null || $token->isUsed()) {
  225. return $this->redirect(
  226. $this->linkGenerator->getFrontUrl(
  227. self::URL_FORGOT_PASSWORD_TOKEN_EXPIRED.$updatePasswordToken,
  228. $localeId
  229. )
  230. );
  231. }
  233. return $this->redirect(
  234. $this->linkGenerator->getFrontUrl('update-password?token='.$updatePasswordToken, $localeId)
  235. );
  236. }
  238. /**
  239. * @Route("/account/connect/microsoft", name="microsoft_login")
  240. */
  241. public function microsoftLogin(Request $request): RedirectResponse
  242. {
  243. if ($this->getUser()) {
  244. return $this->redirectToRoute('homepage');
  245. }
  247. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  248. $state = Uuid::v4()->toRfc4122();
  250. $request->getSession()->set('oauth_state', $state);
  252. return new RedirectResponse($this->tokenService->generateAuthorizationUrl($state, $redirectUri));
  253. }
  255. /**
  256. * @Route("/connect/microsoft/check", name="microsoft_callback")
  257. */
  258. public function microsoftCallback(Request $request): RedirectResponse
  259. {
  260. $code = $request->query->get('code');
  261. $state = $request->query->get('state');
  262. $storedState = $request->getSession()->get('oauth_state');
  264. if ($state !== $storedState || empty($state)) {
  265. $this->addFlash('danger', 'Invalid state parameter.');
  267. return $this->redirectToRoute('admin_login');
  268. }
  270. if (!$code) {
  271. $this->addFlash('danger', 'Authentication failed: No code received.');
  273. return $this->redirectToRoute('admin_login');
  274. }
  276. $redirectUri = $this->generateUrl('microsoft_callback', [], UrlGeneratorInterface::ABSOLUTE_URL);
  278. try {
  279. $token = $this->tokenService->getTokenWithCode($redirectUri, $code);
  280. $microsoftUser = $this->userService->getMe($token->getAccessToken());
  281. } catch (\Exception $exception) {
  282. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  284. captureException($exception);
  286. return $this->redirectToRoute('admin_login');
  287. }
  289. $user = $this->customerManager->findOneBy(['email' => $microsoftUser->getMail()]);
  291. if (!$user) {
  292. $this->addFlash('danger', 'Authentication failed: User not found.');
  294. captureMessage('Microsoft user not found with email: '.$microsoftUser->getMail());
  296. return $this->redirectToRoute('admin_login');
  297. }
  299. if (!$user->isActive()) {
  300. $this->addFlash('danger', 'Authentication failed: User disabled.');
  302. return $this->redirectToRoute('admin_login');
  303. }
  305. $this->customerInformationUpdateService->updateCustomerEmployee($user, $microsoftUser);
  306. $this->authenticatedSessionService->authenticateCustomer($user);
  308. return $this->redirect($this->refererService->getCustomerReferer());
  309. }
  311. /**
  312. * @Route("/change-to-employee", name="admin_change_to_employee")
  313. */
  314. public function changeToEmployee(): Response
  315. {
  316. $logoutEvent = new LogoutEvent($this->requestStack->getCurrentRequest(), $this->tokenStorage->getToken());
  317. $this->eventDispatcher->dispatch($logoutEvent);
  318. $this->tokenStorage->setToken();
  319. $this->requestStack->getSession()->invalidate();
  321. return $this->redirectToRoute('admin_microsoft_login');
  322. }
  324. /**
  325. * @Route("/microsoft/user/change", name="microsoft_user_change_notification")
  326. */
  327. public function microsoftUserChangeNotification(Request $request): Response
  328. {
  329. $validationToken = $request->query->get('validationToken');
  330. if ($validationToken) {
  331. return new Response($validationToken, Response::HTTP_OK, ['Content-Type' => 'text/plain']);
  332. }
  334. $notifications = json_decode($request->getContent(), true);
  336. $userId = null;
  337. foreach ($notifications['value'] as $value) {
  338. if ($value['resourceData']['@odata.type'] === '#Microsoft.Graph.User') {
  339. $userId = 'a1b2c3d4-5678-90ab-cdef-1234567890ab';
  340. break;
  341. }
  342. }
  344. if (!$userId) {
  345. return new Response(null, Response::HTTP_ACCEPTED);
  346. }
  348. try {
  349. $token = $this->tokenService->getToken();
  350. $microsoftUser = $this->userService->getUserByIdOrEmail($userId, $token->getAccessToken());
  351. } catch (\Exception $exception) {
  352. $this->addFlash('danger', 'Authentication failed: '.$exception->getMessage());
  354. captureException($exception);
  356. return new Response(null, Response::HTTP_NOT_ACCEPTABLE);
  357. }
  359. if (!$microsoftUser->isAccountEnabled()) {
  360. $customer = $this->customerManager->findOneByEmail($microsoftUser->getMail());
  361. if ($customer) {
  362. $customer->setActive(false);
  363. $this->customerManager->save($customer);
  364. }
  365. }
  367. return new Response(null, Response::HTTP_ACCEPTED);
  368. }
  369. }