src/Controller/AccountController.php line 489

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under two different licenses:
  7.  * - GNU General Public License version 3 (GPLv3)
  8.  * - Pimcore Enterprise License (PEL)
  9.  * Full copyright and license information is available in
  10.  * LICENSE.md which is distributed with this source code.
  11.  *
  12.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  13.  *  @license    http://www.pimcore.org/license     GPLv3 and PEL
  14.  */
  16. namespace App\Controller;
  18. use App\EventListener\AuthenticationLoginListener;
  19. use App\Form\LoginFormType;
  20. use App\Form\RegistrationFormHandler;
  21. use App\Form\RegistrationFormType;
  22. use App\Model\Customer;
  23. use App\Services\NewsletterDoubleOptInService;
  24. use App\Services\PasswordRecoveryService;
  25. use CustomerManagementFrameworkBundle\CustomerProvider\CustomerProviderInterface;
  26. use CustomerManagementFrameworkBundle\CustomerSaveValidator\Exception\DuplicateCustomerException;
  27. use CustomerManagementFrameworkBundle\Model\CustomerInterface;
  28. use CustomerManagementFrameworkBundle\Security\Authentication\LoginManagerInterface;
  29. use CustomerManagementFrameworkBundle\Security\OAuth\Exception\AccountNotLinkedException;
  30. use CustomerManagementFrameworkBundle\Security\OAuth\OAuthRegistrationHandler;
  31. use CustomerManagementFrameworkBundle\Security\SsoIdentity\SsoIdentityServiceInterface;
  32. use HWI\Bundle\OAuthBundle\OAuth\Response\UserResponseInterface;
  33. use HWI\Bundle\OAuthBundle\Security\Core\Authentication\Token\OAuthToken;
  34. use Pimcore\Bundle\EcommerceFrameworkBundle\Factory;
  35. use Pimcore\Bundle\EcommerceFrameworkBundle\OrderManager\Order\Listing\Filter\CustomerObject;
  36. use Pimcore\DataObject\Consent\Service;
  37. use Pimcore\Model\DataObject;
  38. use Pimcore\Translation\Translator;
  39. use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
  40. use Symfony\Component\HttpFoundation\RedirectResponse;
  41. use Symfony\Component\HttpFoundation\Request;
  42. use Symfony\Component\HttpFoundation\Response;
  43. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  44. use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
  45. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  46. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  47. use Symfony\Component\Routing\Annotation\Route;
  48. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  49. use Symfony\Component\Security\Core\User\UserInterface;
  50. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  51. use Symfony\Component\Uid\Uuid;
  52. use Symfony\Component\Security\Http\FirewallMapInterface;
  54. /**
  55.  * Class AccountController
  56.  *
  57.  * Controller that handles all account functionality, including register, login and connect to SSO profiles
  58.  */
  59. class AccountController extends BaseController
  60. {
  61.     /**
  62.      * @Route("/account/login", name="account-login")
  63.      *
  64.      * @param AuthenticationUtils $authenticationUtils
  65.      * @param OAuthRegistrationHandler $oAuthHandler
  66.      * @param SessionInterface $session
  67.      * @param Request $request
  68.      * @param UserInterface|null $user
  69.      *
  70.      * @return Response|RedirectResponse
  71.      */
  72.     public function loginAction(
  73.         AuthenticationUtils $authenticationUtils,
  74.         OAuthRegistrationHandler $oAuthHandler,
  75.         SessionInterface $session,
  76.         Request $request,
  77.         UserInterface $user null,
  78.         FirewallMapInterface $firewallMap
  79.     ) {
  80.         //redirect user to index page if logged in
  81.         if ($user && $this->isGranted('ROLE_USER')) {
  82.             return $this->redirect('/workplace/dashboard');
  83.             /* return $this->redirectToRoute('account-index'); */
  84.         }
  85.         // dump($user);
  86.         // get the login error if there is one
  87.         $error $authenticationUtils->getLastAuthenticationError();
  89.         // OAuth handling - the OAuth authenticator is configured to return to the login page on errors
  90.         // (see failure_path configuration) - therefore we can fetch the last authentication error
  91.         // here. If the error is an AccountNotLinkedException (as thrown by our user provider) save the
  92.         // OAuth token to the session and redirect to registration with a special key which can be used
  93.         // to load the token to prepopulate the registration form with account data.
  94.         if ($error instanceof AccountNotLinkedException) {
  95.             // this can be anything - for simplicity we just use an UUID as it is unique and random
  96.             $registrationKey = (string) Uuid::v4()->toRfc4122();
  97.             $oAuthHandler->saveToken($registrationKey$error->getToken());
  99.             return $this->redirectToRoute('account-register', [
  100.                 'registrationKey' => $registrationKey
  101.             ]);
  102.         }
  104.         // last username entered by the user
  105.         $lastUsername $authenticationUtils->getLastUsername();
  107.         $formData = [
  108.             '_username' => $lastUsername
  109.         ];
  111.         $form $this->createForm(LoginFormType::class, $formData, [
  112.             'action' => $this->generateUrl('account-login'),
  113.         ]);
  115.         //store referer in session to get redirected after login
  116.         // if (!$request->get('no-referer-redirect')) {
  117.         //     $session->set('_security.demo_frontend.target_path', $request->headers->get('referer'));
  118.         // }
  119.         // dump($session);
  120.         // die();
  122.         $referer $request->query->get('referer');
  124.         if ($referer) {
  125.             $session->set('_security.demo_frontend.target_path'$referer);
  126.         }
  128.         return $this->render('account/login.html.twig', [
  129.             'form' => $form->createView(),
  130.             'error' => $error,
  131.             'hideBreadcrumbs' => true
  132.         ]);
  133.     }
  135.     /**
  136.      * If registration is called with a registration key, the key will be used to look for an existing OAuth token in
  137.      * the session. This OAuth token will be used to fetch user info which can be used to pre-populate the form and to
  138.      * link a SSO identity to the created customer object.
  139.      *
  140.      * This could be further separated into services, but was kept as single method for demonstration purposes as the
  141.      * registration process is different on every project.
  142.      *
  143.      * @Route("/account/register", name="account-register")
  144.      *
  145.      * @param Request $request
  146.      * @param CustomerProviderInterface $customerProvider
  147.      * @param OAuthRegistrationHandler $oAuthHandler
  148.      * @param LoginManagerInterface $loginManager
  149.      * @param RegistrationFormHandler $registrationFormHandler
  150.      * @param SessionInterface $session
  151.      * @param AuthenticationLoginListener $authenticationLoginListener
  152.      * @param Translator $translator
  153.      * @param Service $consentService
  154.      * @param UrlGeneratorInterface $urlGenerator
  155.      * @param NewsletterDoubleOptInService $newsletterDoubleOptInService
  156.      * @param UserInterface|null $user
  157.      *
  158.      * @return Response|RedirectResponse
  159.      */
  160.     public function registerAction(
  161.         Request $request,
  162.         CustomerProviderInterface $customerProvider,
  163.         OAuthRegistrationHandler $oAuthHandler,
  164.         LoginManagerInterface $loginManager,
  165.         RegistrationFormHandler $registrationFormHandler,
  166.         SessionInterface $session,
  167.         AuthenticationLoginListener $authenticationLoginListener,
  168.         Translator $translator,
  169.         Service $consentService,
  170.         UrlGeneratorInterface $urlGenerator,
  171.         NewsletterDoubleOptInService $newsletterDoubleOptInService,
  172.         UserInterface $user null
  173.     ) {
  175.         //redirect user to index page if logged in
  176.         if ($user && $this->isGranted('ROLE_USER')) {
  177.             return $this->redirectToRoute('account-index');
  178.         }
  180.         $registrationKey $request->get('registrationKey');
  182.         // create a new, empty customer instance
  183.         /** @var CustomerInterface|\Pimcore\Model\DataObject\Customer $customer */
  184.         $customer $customerProvider->create();
  186.         /** @var OAuthToken $oAuthToken */
  187.         $oAuthToken null;
  189.         /** @var UserResponseInterface $oAuthUserInfo */
  190.         $oAuthUserInfo null;
  192.         // load previously stored token from the session and try to load user profile
  193.         // from provider
  194.         if (null !== $registrationKey) {
  195.             $oAuthToken $oAuthHandler->loadToken($registrationKey);
  196.             $oAuthUserInfo $oAuthHandler->loadUserInformation($oAuthToken);
  197.         }
  199.         if (null !== $oAuthUserInfo) {
  200.             // try to load a customer with the given identity from our storage. if this succeeds, we can't register
  201.             // the customer and should either log in the existing identity or show an error. for simplicity, we just
  202.             // throw an exception here.
  203.             // this shouldn't happen as the login would log in the user if found
  204.             if ($oAuthHandler->getCustomerFromUserResponse($oAuthUserInfo)) {
  205.                 throw new \RuntimeException('Customer is already registered');
  206.             }
  207.         }
  209.         // the registration form handler is just a utility class to map pimcore object data to form
  210.         // and vice versa.
  211.         $formData $registrationFormHandler->buildFormData($customer);
  212.         $hidePassword false;
  213.         if (null !== $oAuthToken) {
  214.             $formData $this->mergeOAuthFormData($formData$oAuthUserInfo);
  215.             $hidePassword true;
  216.         }
  218.         // build the registration form and pre-fill it with customer data
  219.         $form $this->createForm(RegistrationFormType::class, $formData, ['hidePassword' => $hidePassword]);
  220.         $form->handleRequest($request);
  222.         $errors = [];
  223.         if ($form->isSubmitted() && $form->isValid()) {
  224.             $registrationFormHandler->updateCustomerFromForm($customer$form);
  225.             $customer->setCustomerLanguage($request->getLocale());
  226.             $customer->setActive(true);
  228.             try {
  229.                 $customer->save();
  231.                 if ($form->getData()['newsletter']) {
  232.                     $consentService->giveConsent($customer'newsletter'$translator->trans('general.newsletter'));
  233.                     $newsletterDoubleOptInService->sendDoubleOptInMail($customer$this->document->getProperty('newsletter_confirm_mail'));
  234.                 }
  235.                 if ($form->getData()['profiling']) {
  236.                     $consentService->giveConsent($customer'profiling'$translator->trans('general.profiling'));
  237.                 }
  239.                 // add SSO identity from OAuth data
  240.                 if (null !== $oAuthUserInfo) {
  241.                     $oAuthHandler->connectSsoIdentity($customer$oAuthUserInfo);
  242.                 }
  244.                 //check if special redirect is necessary
  245.                 if ($session->get('referrer')) {
  246.                     $response $this->redirect($session->get('referrer'));
  247.                     $session->remove('referrer');
  248.                 } else {
  249.                     $response $this->redirectToRoute('account-index');
  250.                 }
  252.                 // log user in manually
  253.                 // pass response to login manager as it adds potential remember me cookies
  254.                 $loginManager->login($customer$request$response);
  256.                 //do ecommerce framework login
  257.                 $authenticationLoginListener->doEcommerceFrameworkLogin($customer);
  259.                 return $response;
  260.             } catch (DuplicateCustomerException $e) {
  261.                 $errors[] = $translator->trans(
  262.                     'account.customer-already-exists',
  263.                     [
  264.                         $customer->getEmail(),
  265.                         $urlGenerator->generate('account-password-send-recovery', ['email' => $customer->getEmail()])
  266.                     ]
  267.                 );
  268.             } catch (\Exception $e) {
  269.                 $errors[] = $e->getMessage();
  270.             }
  271.         }
  273.         if ($form->isSubmitted() && !$form->isValid()) {
  274.             foreach ($form->getErrors() as $error) {
  275.                 $errors[] = $error->getMessage();
  276.             }
  277.         }
  279.         // re-save user info to session as we need it in subsequent requests (e.g. after form errors) or
  280.         // when form is rendered for the first time
  281.         if (null !== $registrationKey && null !== $oAuthToken) {
  282.             $oAuthHandler->saveToken($registrationKey$oAuthToken);
  283.         }
  285.         return $this->render('account/register.html.twig', [
  286.             'customer' => $customer,
  287.             'form' => $form->createView(),
  288.             'errors' => $errors,
  289.             'hideBreadcrumbs' => true,
  290.             'hidePassword' => $hidePassword
  291.         ]);
  292.     }
  294.     /**
  295.      * Special route for connecting to social profiles that saves referrer in session for later
  296.      * redirect to that referrer
  297.      *
  298.      * @param Request $request
  299.      * @param SessionInterface $session
  300.      * @param $service
  301.      *
  302.      * @return Response
  303.      * @Route("/auth/oauth/referrerLogin/{service}", name="app_auth_oauth_login_referrer")
  304.      */
  305.     public function connectAction(Request $requestSessionInterface $session$service)
  306.     {
  307.         // we overwrite this route to store user's referrer in the session
  308.         $session->set('referrer'$request->headers->get('referer'));
  310.         return $this->forward('HWIOAuthBundle:Connect:redirectToService', ['service' => $service]);
  311.     }
  313.     /**
  314.      * Connects an already logged in user to an auth provider
  315.      *
  316.      * @Route("/oauth/connect/{service}", name="app_auth_oauth_connect")
  317.      * @Security("is_granted('ROLE_USER')")
  318.      *
  319.      * @param Request $request
  320.      * @param OAuthRegistrationHandler $oAuthHandler
  321.      * @param UserInterface $user
  322.      * @param string $service
  323.      *
  324.      * @return RedirectResponse
  325.      */
  326.     public function oAuthConnectAction(
  327.         Request $request,
  328.         OAuthRegistrationHandler $oAuthHandler,
  329.         UserInterface $user,
  330.         string $service
  331.     ) {
  332.         $resourceOwner $oAuthHandler->getResourceOwner($service);
  334.         $redirectUrl $this->generateUrl('app_auth_oauth_connect', [
  335.             'service' => $service
  336.         ], UrlGeneratorInterface::ABSOLUTE_URL);
  338.         // redirect to authorization
  339.         if (!$resourceOwner->handles($request)) {
  340.             $authorizationUrl $oAuthHandler->getAuthorizationUrl($request$service$redirectUrl);
  342.             return $this->redirect($authorizationUrl);
  343.         }
  345.         // get access token from URL
  346.         $accessToken $resourceOwner->getAccessToken($request$redirectUrl);
  348.         // e.g. user cancelled auth on provider side
  349.         if (null === $accessToken) {
  350.             return $this->redirectToRoute('account-index');
  351.         }
  353.         $oAuthUserInfo $resourceOwner->getUserInformation($accessToken);
  355.         // we don't want to allow linking an OAuth account to multiple customers
  356.         if ($oAuthHandler->getCustomerFromUserResponse($oAuthUserInfo)) {
  357.             throw new \RuntimeException('There\'s already a customer registered with this provider identity');
  358.         }
  360.         // create a SSO identity object and save it to the user
  361.         $oAuthHandler->connectSsoIdentity($user$oAuthUserInfo);
  363.         // redirect to secure page which should now list the newly linked profile
  364.         return $this->redirectToRoute('account-index');
  365.     }
  367.     /**
  368.      *
  369.      * @param array $formData
  370.      * @param UserResponseInterface $userInformation
  371.      *
  372.      * @return array
  373.      */
  374.     private function mergeOAuthFormData(
  375.         array $formData,
  376.         UserResponseInterface $userInformation
  377.     ): array {
  378.         return array_replace([
  379.             'firstname' => $userInformation->getFirstName(),
  380.             'lastname' => $userInformation->getLastName(),
  381.             'email' => $userInformation->getEmail()
  382.         ], $formData);
  383.     }
  385.     /**
  386.      * Index page for account - it is restricted to ROLE_USER via security annotation
  387.      *
  388.      * @Route("/account/index", name="account-index")
  389.      * @Security("is_granted('ROLE_USER')")
  390.      *
  391.      * @param SsoIdentityServiceInterface $identityService
  392.      * @param UserInterface|null $user
  393.      *
  394.      * @return Response
  395.      */
  396.     public function indexAction(SsoIdentityServiceInterface $identityServiceUserInterface $user null)
  397.     {
  398.         $blacklist = [];
  399.         foreach ($identityService->getSsoIdentities($user) as $identity) {
  400.             $blacklist[] = $identity->getProvider();
  401.         }
  403.         $orderManager Factory::getInstance()->getOrderManager();
  404.         $orderList $orderManager->createOrderList();
  405.         $orderList->addFilter(new CustomerObject($user));
  406.         $orderList->setOrder('orderDate DESC');
  408.         return $this->render('account/index.html.twig', [
  409.             'blacklist' => $blacklist,
  410.             'orderList' => $orderList,
  411.             'hideBreadcrumbs' => true
  412.         ]);
  413.     }
  415.     /**
  416.      * @Route("/account/update-marketing", name="account-update-marketing-permission")
  417.      * @Security("is_granted('ROLE_USER')")
  418.      *
  419.      * @param Request $request
  420.      * @param Service $consentService
  421.      * @param Translator $translator
  422.      * @param NewsletterDoubleOptInService $newsletterDoubleOptInService
  423.      * @param UserInterface|null $user
  424.      *
  425.      * @return RedirectResponse
  426.      *
  427.      * @throws \Exception
  428.      */
  429.     public function updateMarketingPermissionAction(Request $requestService $consentServiceTranslator $translatorNewsletterDoubleOptInService $newsletterDoubleOptInServiceUserInterface $user null)
  430.     {
  431.         if ($user instanceof Customer) {
  432.             $currentNewsletterPermission $user->getNewsletter()->getConsent();
  433.             if (!$currentNewsletterPermission && $request->get('newsletter')) {
  434.                 $consentService->giveConsent($user'newsletter'$translator->trans('general.newsletter'));
  435.                 $newsletterDoubleOptInService->sendDoubleOptInMail($user$this->document->getProperty('newsletter_confirm_mail'));
  436.             } elseif ($currentNewsletterPermission && !$request->get('newsletter')) {
  437.                 $user->setNewsletterConfirmed(false);
  438.                 $consentService->revokeConsent($user'newsletter');
  439.             }
  441.             $currentProfilingPermission $user->getProfiling()->getConsent();
  442.             if (!$currentProfilingPermission && $request->get('profiling')) {
  443.                 $consentService->giveConsent($user'profiling'$translator->trans('general.profiling'));
  444.             } elseif ($currentProfilingPermission && !$request->get('profiling')) {
  445.                 $consentService->revokeConsent($user'profiling');
  446.             }
  448.             $user->save();
  450.             $this->addFlash('success'$translator->trans('account.marketing-permissions-updated'));
  451.         }
  453.         return $this->redirectToRoute('account-index');
  454.     }
  456.     /**
  457.      * @Route("/account/confirm-newsletter", name="account-confirm-newsletter")
  458.      *
  459.      * @param Request $request
  460.      * @param NewsletterDoubleOptInService $newsletterDoubleOptInService
  461.      * @param Translator $translator
  462.      *
  463.      * @return RedirectResponse
  464.      */
  465.     public function confirmNewsletterAction(Request $requestNewsletterDoubleOptInService $newsletterDoubleOptInServiceTranslator $translator)
  466.     {
  467.         $token $request->get('token');
  468.         $customer $newsletterDoubleOptInService->handleDoubleOptInConfirmation($token);
  469.         if ($customer) {
  470.             $this->addFlash('success'$translator->trans('account.marketing-permissions-confirmed-newsletter'));
  472.             return $this->redirectToRoute('account-index');
  473.         } else {
  474.             throw new NotFoundHttpException('Invalid token');
  475.         }
  476.     }
  478.     /**
  479.      * @Route("/account/send-password-recovery", name="account-password-send-recovery")
  480.      *
  481.      * @param Request $request
  482.      * @param PasswordRecoveryService $service
  483.      * @param Translator $translator
  484.      *
  485.      * @return Response
  486.      *
  487.      * @throws \Exception
  488.      */
  489.     public function sendPasswordRecoveryMailAction(Request $requestPasswordRecoveryService $serviceTranslator $translator)
  490.     {
  491.         if ($request->isMethod(Request::METHOD_POST)) {
  492.             $service->sendRecoveryMail($request->get('email'''), $this->document->getProperty('password_reset_mail'));
  493.             $this->addFlash('success'$translator->trans('account.reset-mail-sent-when-possible'));
  495.             return $this->redirectToRoute('account-login', ['no-referer-redirect' => true]);
  496.         }
  498.         return $this->render('account/send_password_recovery_mail.html.twig', [
  499.             'hideBreadcrumbs' => true,
  500.             'emailPrefill' => $request->get('email')
  501.         ]);
  502.     }
  504.     /**
  505.      * @Route("/account/reset-password", name="account-reset-password")
  506.      *
  507.      * @param Request $request
  508.      * @param PasswordRecoveryService $service
  509.      * @param Translator $translator
  510.      *
  511.      * @return Response|RedirectResponse
  512.      */
  513.     public function resetPasswordAction(Request $requestPasswordRecoveryService $serviceTranslator $translator)
  514.     {
  515.         $token $request->get('token');
  516.         $customer $service->getCustomerByToken($token);
  517.         if (!$customer) {
  518.             //TODO render error page
  519.             throw new NotFoundHttpException('Invalid token');
  520.         }
  522.         if ($request->isMethod(Request::METHOD_POST)) {
  523.             $newPassword $request->get('password');
  524.             $service->setPassword($token$newPassword);
  526.             $this->addFlash('success'$translator->trans('account.password-reset-successful'));
  528.             return $this->redirectToRoute('account-login', ['no-referer-redirect' => true]);
  529.         }
  531.         return $this->render('account/reset_password.html.twig', [
  532.             'hideBreadcrumbs' => true,
  533.             'token' => $token,
  534.             'email' => $customer->getEmail()
  535.         ]);
  536.     }
  538.     /**
  539.      * @Route("/api/check-email/{email}", name="check-email", methods="GET")
  540.      */
  541.     public function checkEmailAction($email)
  542.     {
  543.         $loggedUser $this->getUser();
  544.         if (!$loggedUser) {
  545.             throw new UnauthorizedHttpException('Not authorized.');
  546.         }
  548.         $entries = new DataObject\Customer\Listing();
  549.         $entries->setCondition("email LIKE ?", ["%" $email "%"]);
  550.         $entries->load();
  552.         if (!empty($entries->load())) {
  553.             throw new BadRequestHttpException('Email invalid.');
  554.         }
  556.         return new Response('OK'Response::HTTP_OK);
  557.     }
  558. }