src/Controller/UserController.php line 339

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller;
  7. use App\Entity\Company;
  8. use App\Entity\Offer;
  9. use App\Entity\Team;
  10. use App\Entity\User;
  11. use App\Form\ProfileType;
  12. use App\Form\RegistrationType;
  13. use App\Form\ResetType;
  14. use App\Service\CompanyService;
  15. use App\Service\DropboxService;
  16. use App\Service\MailjetService;
  17. use App\Service\UserService;
  18. use App\Service\WidgetService;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Exception;
  21. use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
  22. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  23. use Symfony\Component\HttpFoundation\JsonResponse;
  24. use Symfony\Component\HttpFoundation\RedirectResponse;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpFoundation\Response;
  27. use Symfony\Component\HttpFoundation\Session\Session;
  28. use Symfony\Component\Routing\Annotation\Route;
  29. use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
  30. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  31. use Symfony\Contracts\Translation\TranslatorInterface;
  33. final class UserController extends AbstractController
  34. {
  35.     public function __construct(
  36.         private readonly TranslatorInterface $translator,
  37.         private readonly EntityManagerInterface $em,
  38.         private readonly UserService $userService,
  39.         private readonly WidgetService $widgetService,
  40.         private readonly DropboxService $dropboxService
  41.     ) {
  42.     }
  44.     /**
  45.      * This will never be executed: Symfony will intercept this first and handle the logout automatically.
  46.      * See logout in config/packages/security.yaml
  47.      */
  48.     #[Route(path'/logout'name'logout')]
  49.     public function logout(): void
  50.     {
  51.         // @codeCoverageIgnoreStart
  52.         throw new Exception('This should never be reached!');
  53.         // @codeCoverageIgnoreEnd
  54.     }
  56.     /**
  57.      * Display login page
  58.      * The login action is automatically executed by Symfony
  59.      */
  60.     #[Route(path'/login'name'login')]
  61.     public function login(AuthenticationUtils $helper): Response
  62.     {
  63.         // If already connected, redirect
  64.         if ($this->isGranted('ROLE_USER')) {
  65.             return $this->redirectToRoute('index');
  66.         }
  68.         return $this->render('user/login.html.twig', [
  69.             'last_username' => $helper->getLastUsername(),
  70.             'error' => $helper->getLastAuthenticationError(),
  71.         ]);
  72.     }
  74.     /**
  75.      * Register a new user
  76.      */
  77.     #[Route(path'/register'name'register')]
  78.     public function register(
  79.         Request $request,
  80.         Session $session,
  81.         CompanyService $companyService
  82.     ): RedirectResponse|Response {
  83.         // If already connected, redirect
  84.         if ($this->isGranted('ROLE_USER')) {
  85.             return $this->redirectToRoute('index');
  86.         }
  88.         $user = new User();
  90.         $form $this->createForm(RegistrationType::class, $user);
  91.         $form->handleRequest($request);
  93.         if ($form->isSubmitted() && $form->isValid()) {
  94.             // Then, create user
  95.             $this->userService->setPasswordForUser($user);
  96.             $user->setCompany($companyService->createCompany($request->request->get('registration_company')));
  97.             $user->setIsCompanyAdmin(true);
  98.             $user->setLocale($request->getLocale());
  100.             $this->em->persist($user);
  101.             $this->em->flush();
  103.             // Check for subscription redirect
  104.             $stripeId $request->request->get('stripeId');
  105.             if (isset($stripeId) && $this->em->getRepository(Offer::class)->findOneBy(['stripeId' => $stripeId])) {
  106.                 // @codeCoverageIgnoreStart
  107.                 return $this->redirectToRoute('subscription_new', ['stripeId' => $stripeId]);
  108.                 // @codeCoverageIgnoreEnd
  109.             }
  111.             $session->getFlashBag()->add('info'$this->translator->trans('flash.account.register_confirmed.info', ['%email%' => $user->getEmail()]));
  113.             return $this->redirectToRoute('login');
  114.         }
  116.         return $this->render('user/register.html.twig', [
  117.             'form' => $form->createView(),
  118.             'stripeId' => $request->query->get('stripeId')
  119.         ]);
  120.     }
  122.     /**
  123.      * Resend confirmation email
  124.      */
  125.     #[Route(path'/resend_register/{email}'name'user_resend_register_confirmation')]
  126.     public function resendRegisterConfirmation(string $emailSession $session): RedirectResponse
  127.     {
  128.         $user $this->em->getRepository(User::class)->findOneBy(['email' => $email]);
  130.         // If user exist and not already enabled
  131.         if (!$user || $user->getIsEnabled()) {
  132.             $session->getFlashBag()->add('warning'$this->translator->trans('flash.account.register_confirmed.warning', ['%email%' => $email]));
  133.         } else {
  134.             $this->userService->sendRegisterConfirmationEmail($user);
  136.             $session->getFlashBag()->add('info'$this->translator->trans('flash.account.register_confirmed.info', ['%email%' => $user->getEmail()]));
  137.         }
  139.         return $this->redirectToRoute('login');
  140.     }
  142.     /**
  143.      * Enable user account
  144.      */
  145.     #[Route(path'/register/{token}'name'user_register_confirmed')]
  146.     public function registerConfirmed(string $tokenSession $session): RedirectResponse
  147.     {
  148.         $user $this->em->getRepository(User::class)->findOneBy(['confirmationToken' => $token]);
  150.         // Invalid token
  151.         if (!$user) {
  152.             $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.resetting.reset.token_danger'));
  154.             return $this->redirectToRoute('index');
  155.         }
  157.         // Reset token, enable account
  158.         $user->setConfirmationToken(null);
  159.         $user->setIsEnabled(true);
  160.         $this->em->flush();
  162.         $session->getFlashBag()->add('success'$this->translator->trans('flash.account.register_confirmed.success'));
  164.         // Log the user
  165.         $this->userService->registerUserSession($user);
  167.         return $this->redirectToRoute('thank_you');
  168.     }
  170.     /**
  171.      * Invite a new user to company
  172.      */
  173.     #[Route(path'/invite'name'user_invite')]
  174.     #[IsGranted('ROLE_USER')]
  175.     public function invite(
  176.         Request $request,
  177.         Session $session,
  178.         UrlGeneratorInterface $router
  179.     ): RedirectResponse|Response {
  180.         $formDatas $request->request->all();
  182.         // If no email, render form
  183.         if (empty($email $formDatas['invitation_email'] ?? null)) {
  184.             return $this->render('user/invite.html.twig', [
  185.                 'teams' => $this->em->getRepository(Team::class)->findLike()
  186.             ]);
  187.         }
  189.         // If user already in a company
  190.         $user $this->em->getRepository(User::class)->findOneBy(['email' => $email]);
  191.         if ($user && !empty($user->getCompany())) {
  192.             $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.invite.danger'));
  194.             return $this->render('user/invite.html.twig', [
  195.                 'teams' => $this->em->getRepository(Team::class)->findLike()
  196.             ]);
  197.         }
  199.         // If user does not exist, create it
  200.         if (!$user) {
  201.             $user = new User();
  202.             $user->setEmail($email);
  203.             $user->setCompany($this->getUser()->getCompany());
  204.             $user->setIsCompanyAdmin($formDatas['invitation_isAdmin'] ?? false);
  205.             $user->setLocale($this->getUser()->getLocale());
  206.             $user->setIsEnabled(true);
  208.             /** @var Team $team */
  209.             foreach ($teams $this->em->getRepository(Team::class)->findByIds($formDatas['invitation_teams'] ?? []) as $team) {
  210.                 $user->addTeam($team);
  211.             }
  213.             $this->em->persist($user);
  214.             $this->em->flush();
  216.             $url $router->generate('resetting_reset', ['token' => $user->getConfirmationToken(), 'type' => 'invite'], UrlGeneratorInterface::ABSOLUTE_URL);
  217.         } else {
  218.             // If user already exist but do not have a company yet
  219.             $this->userService->setConfirmationTokenForUser($user);
  220.             $this->em->flush();
  222.             $url $router->generate('user_invite_confirmed', ['token' => $this->getUser()->getCompany()->getUniqueHash() . '-' $user->getConfirmationToken()], UrlGeneratorInterface::ABSOLUTE_URL);
  223.         }
  225.         $this->userService->sendInviteEmail($user$url);
  226.         $session->getFlashBag()->add('success'$this->translator->trans('flash.account.invite.success', ['%email%' => $user->getEmail()]));
  228.         return $this->redirectToRoute('company_index');
  229.     }
  231.     /**
  232.      * Confirm invitation link
  233.      */
  234.     #[Route(path'/invite/{token}'name'user_invite_confirmed')]
  235.     public function inviteConfirmed(string $tokenSession $session): RedirectResponse
  236.     {
  237.         $token explode('-'$token); // Get user token and company token
  239.         // If it seems to a valid token, go on
  240.         if (count($token) == 2) {
  241.             $user $this->em->getRepository(User::class)->findOneBy(['confirmationToken' => $token[1]]);
  243.             // Invalid user token
  244.             if (!$user) {
  245.                 $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.resetting.reset.token_danger'));
  246.             } else {
  247.                 $company $this->em->getRepository(Company::class)->findOneBy(['uniqueHash' => $token[0]]);
  249.                 // If valid company token, add link to user, reset user token
  250.                 if ($company) {
  251.                     $user->setCompany($company);
  252.                     $user->setConfirmationToken(null);
  253.                     $this->em->flush();
  255.                     $session->getFlashBag()->add('success'$this->translator->trans('flash.account.invite_confirmed.success', ['%company%' => $company->getName()]));
  257.                     // Log user
  258.                     $this->userService->registerUserSession($user);
  259.                 }
  260.             }
  261.         }
  263.         return $this->redirectToRoute('index');
  264.     }
  266.     /**
  267.      * Update user profile
  268.      */
  269.     #[Route(path'/profile/edit'name'user_edit')]
  270.     #[IsGranted('ROLE_USER')]
  271.     public function edit(Request $requestSession $session): RedirectResponse|Response
  272.     {
  273.         $form $this->createForm(ProfileType::class, $this->getUser());
  274.         $form->handleRequest($request);
  276.         if ($form->isSubmitted() && $form->isValid()) {
  277.             // @codeCoverageIgnoreStart
  278.             // If "empty" Dropbox token
  279.             if (substr_count($form->getData()->getDropboxToken(), 'X') == 64) {
  280.                 $this->getUser()->setDropboxToken(null);
  281.             }
  282.             // @codeCoverageIgnoreEnd
  284.             $currentPassword $request->request->get('current_password');
  285.             $isPasswordValid $this->userService->isPasswordValidForUser($this->getUser(), $currentPassword);
  287.             // If all passwords checker are valid, update password
  288.             if ($currentPassword != '' && $isPasswordValid) {
  289.                 $this->userService->setPasswordForUser($this->getUser());
  291.                 $session->getFlashBag()->add('success'$this->translator->trans('flash.account.update.success'));
  292.             } elseif ($currentPassword != '' && !$isPasswordValid) {
  293.                 // If all passwords checker are not valid, display an error
  294.                 $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.update.danger'));
  295.             } else {
  296.                 // Display a success message for other information than passwords
  297.                 $session->getFlashBag()->add('success'$this->translator->trans('flash.account.update.success'));
  298.             }
  300.             $this->em->flush();
  302.             return $this->redirectToRoute('user_edit');
  303.         }
  305.         // If form is not valid (wrong passwords repeat for eg), display an error
  306.         if ($form->isSubmitted() && !$form->isValid()) {
  307.             $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.update.danger'));
  308.         }
  310.         return $this->render('user/profile/edit.html.twig', [
  311.             'form' => $form->createView()
  312.         ]);
  313.     }
  315.     /**
  316.      * Update user mailer subscription
  317.      */
  318.     #[Route(path'/profile/mailer'name'user_mailer_send')]
  319.     #[IsGranted('ROLE_USER')]
  320.     public function mailerSend(MailjetService $mailjetRequest $request): Response
  321.     {
  322.         $save $request->request->get('save');  // Get form sent
  323.         // If form sent
  324.         if (isset($save)) {
  325.             $this->userService->updateMailerSettings($this->getUser(), $request->request->all('send'));
  326.         }
  328.         // Render form
  329.         return $this->render('user/profile/send.html.twig', [
  330.             'templates' => $mailjet->getAllNotRequired(),
  331.             'mailerSubscription' => json_decode($this->getUser()->getMailerSubscription(), true)
  332.         ]);
  333.     }
  335.     /**
  336.      * Ask for reset password
  337.      */
  338.     #[Route(path'/resetting/request'name'resetting_request')]
  339.     public function resetRequest(Request $requestSession $session): RedirectResponse|Response
  340.     {
  341.         // If already connected, redirect
  342.         if ($this->isGranted('ROLE_USER')) {
  343.             return $this->redirectToRoute('index');
  344.         }
  346.         // If form sent
  347.         $email $request->request->get('email');
  348.         if (isset($email)) {
  349.             // Check for existing user
  350.             $user $this->em->getRepository(User::class)->findOneBy(['email' => $request->request->get('email')]);
  352.             // If user exist, create a reset request
  353.             if ($user) {
  354.                 $this->userService->sendResettingResetEmail($user);
  356.                 $session->getFlashBag()->add('success'$this->translator->trans('flash.account.resetting.request.success'));
  358.                 return $this->redirectToRoute('login');
  359.             } else {
  360.                 // If user not exist, display an error
  361.                 $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.resetting.request.danger'));
  362.             }
  363.         }
  365.         return $this->render('user/resetting/request.html.twig');
  366.     }
  368.     /**
  369.      * Reset password
  370.      */
  371.     #[Route(path'/resetting/reset/{token}/{type}'name'resetting_reset')]
  372.     public function resetReset(
  373.         string $token,
  374.         string $type,
  375.         Request $request,
  376.         Session $session
  377.     ): RedirectResponse|Response {
  378.         $user $this->em->getRepository(User::class)->findOneBy(['confirmationToken' => $token]);
  380.         // Invalid token
  381.         if (!$user) {
  382.             $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.resetting.reset.token_danger'));
  384.             return $this->redirectToRoute('login');
  385.         }
  387.         $form $this->createForm(ResetType::class);
  388.         $form->handleRequest($request);
  390.         if ($form->isSubmitted() && $form->isValid()) {
  391.             // Set new password
  392.             $user->setPlainPassword($form->get('plainPassword')->getData());
  393.             $this->userService->setPasswordForUser($user);
  395.             $user->setConfirmationToken(null); // Reset token
  396.             $this->em->flush();
  398.             // If token is for invite and enable account
  399.             if ($type == 'invite') {
  400.                 // Log user
  401.                 $this->userService->registerUserSession($user);
  403.                 $session->getFlashBag()->add('success'$this->translator->trans('flash.account.invite_confirmed.success', ['%company%' => $user->getCompany()->getName()]));
  405.                 return $this->redirectToRoute('index');
  406.             } else {
  407.                 // If token is for reset
  408.                 $session->getFlashBag()->add('success'$this->translator->trans('flash.account.update.success'));
  409.             }
  411.             return $this->redirectToRoute('login');
  412.         }
  414.         // If form is not valid (wrong passwords repeat), display an error
  415.         if ($form->isSubmitted() && !$form->isValid()) {
  416.             $session->getFlashBag()->add('danger'$this->translator->trans('flash.account.update.danger'));
  417.         }
  419.         // Render form
  420.         return $this->render('user/resetting/reset.html.twig', [
  421.             'form' => $form->createView(),
  422.             'token' => $token,
  423.             'type' => $type
  424.         ]);
  425.     }
  427.     #[Route(path'/thank_you'name'thank_you'methods: ['GET'])]
  428.     #[IsGranted('ROLE_USER')]
  429.     public function thankYou(): Response
  430.     {
  431.         // If user try to access this page w/ more than one widget
  432.         if (count($this->getUser()->getWidgets()) != 1) {
  433.             return $this->redirectToRoute('index');
  434.         }
  436.         return $this->render('user/thank_you.html.twig', [
  437.             'widget' => $this->getUser()->getWidgets()->first(), // Get first user widget
  438.             'snippet_path' => $this->widgetService->getSnippetPrefixRoute(),
  439.             'snippet_filename' => WidgetService::SNIPPET_FILENAME
  440.         ]);
  441.     }
  443.     /**
  444.      * Get Dropbox token validity
  445.      */
  446.     #[Route(path'/dropbox_connect'name'dropbox_connect')]
  447.     #[IsGranted('ROLE_USER')]
  448.     public function dropboxConnectAjax(Request $request): JsonResponse
  449.     {
  450.         return new JsonResponse($this->dropboxService->dropboxConnect($request->query->get('token')));
  451.     }
  453.     /**
  454.      * Search active user LIKE email (ajax request for Select2EntityType)
  455.      */
  456.     #[Route(path'/search_active_ajax'name'user_searchActive_ajax'methods: ['GET'])]
  457.     #[IsGranted('ROLE_USER')]
  458.     public function searchActiveAjax(Request $request): JsonResponse
  459.     {
  460.         return new JsonResponse($this->em->getRepository(User::class)->getActiveUser($request->get('q')));
  461.     }
  462. }