src/Controller/V1/UserController.php line 419

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Controller\V1;
  7. use App\Entity\Vista\DTO\LoyaltyMemberChangePasswordResetCodeDTO;
  8. use App\Entity\Vista\LoyaltyMember;
  9. use App\Form\UserChangePasswordResetCodeType;
  10. use App\Form\UserLoginType;
  11. use App\Form\UserResetPasswordType;
  12. use App\Helper\UserHelper;
  13. use Facebook\Facebook;
  14. use FOS\RestBundle\Controller\Annotations as Rest;
  15. use FOS\RestBundle\Controller\Annotations\Get;
  16. use FOS\RestBundle\Controller\Annotations\View;
  17. use Lexik\Bundle\JWTAuthenticationBundle\Security\Http\Authentication\AuthenticationSuccessHandler;
  18. use Nelmio\ApiDocBundle\Annotation\Model;
  19. use Nelmio\ApiDocBundle\Annotation\Security as NelmioSecurity;
  20. use Swagger\Annotations as SWG;
  21. use Symfony\Component\Form\FormFactoryInterface;
  22. use Symfony\Component\Form\FormInterface;
  23. use Symfony\Component\HttpFoundation\JsonResponse;
  24. use Symfony\Component\HttpFoundation\RedirectResponse;
  25. use Symfony\Component\HttpFoundation\Request;
  26. use Symfony\Component\HttpKernel\HttpKernelInterface;
  27. use Symfony\Component\Routing\Annotation\Route;
  28. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  29. use App\Security\Security as CoreSecurity;
  30. use Symfony\Component\HttpFoundation\Response;
  31. use Symfony\Component\Security\Core\User\UserInterface;
  32. use App\Repository\RestrictionsRepository;
  34. /**
  35.  * @Route("/users")
  36.  * @SWG\Tag(name="User_v1")
  37.  */
  38. class UserController
  39. {
  40.     /** @var UserHelper */
  41.     protected $userHelper;
  43.     /** @var AuthenticationSuccessHandler */
  44.     protected $authenticationSuccessHandler;
  46.     /** @var Facebook */
  47.     protected $facebook;
  49.     /** @var RestrictionsRepository */
  50.     protected $restrictionsRepository;
  53.     /**
  54.      * UserController constructor.
  55.      * @param UserHelper $userHelper
  56.      * @param AuthenticationSuccessHandler $authenticationSuccessHandler
  57.      * @param Facebook $facebook
  58.      */
  59.     public function __construct(
  60.         UserHelper $userHelper,
  61.         AuthenticationSuccessHandler $authenticationSuccessHandler,
  62.         Facebook $facebook,
  63.         RestrictionsRepository $restrictionsRepository
  64.     ) {
  65.         $this->userHelper $userHelper;
  66.         $this->authenticationSuccessHandler $authenticationSuccessHandler;
  67.         $this->facebook $facebook;
  68.         $this->restrictionsRepository $restrictionsRepository;
  69.     }
  71.     /**
  72.      * Create new user.
  73.      *
  74.      * @Route("", methods={"POST"})
  75.      * @View(statusCode=201, serializerGroups={"Default", "signUp", "login", "optional"})
  76.      *
  77.      * @SWG\Parameter(
  78.      *     name="body",
  79.      *     in="body",
  80.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  81.      * @SWG\Response(
  82.      *     response="201",
  83.      *     description="User successfully registered",
  84.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  85.      * @SWG\Response(
  86.      *     response="400",
  87.      *     description="Invalid request data")
  88.      *
  89.      * @param Request $request
  90.      * @return LoyaltyMember|mixed|FormInterface|null
  91.      */
  92.     public function signUpAction(Request $request)
  93.     {
  94.         return $this->userHelper->signUp($request->request->all());
  95.     }
  97.     /**
  98.      * @Route("/validate-email", methods={"POST"})
  99.      * @View(statusCode=200)
  100.      *
  101.      * @SWG\Parameter(
  102.      *     name="body",
  103.      *     in="body",
  104.      *     @SWG\Schema(type="object",
  105.      *         @SWG\Property(property="email", type="string")))
  106.      * @SWG\Response(
  107.      *     response="200",
  108.      *     description="Success",
  109.      *     @SWG\Schema(type="object",
  110.      *         @SWG\Property(property="result", type="string")))
  111.      *
  112.      * @param Request $request
  113.      * @return JsonResponse
  114.      */
  115.     public function validateEmailAction(Request $request)
  116.     {
  117.         $isValidEmail $this->userHelper->isValidEmail($request->get('email'));
  118.         $data = ['result' => $isValidEmail];
  119.         return new JsonResponse($data);
  120.     }
  122.     /**
  123.      * Update logged-in user.
  124.      *
  125.      * @Route("", methods={"PATCH"})
  126.      * @NelmioSecurity(name="Bearer")
  127.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  128.      *
  129.      * @SWG\Parameter(
  130.      *     name="body",
  131.      *     in="body",
  132.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  133.      * @SWG\Response(
  134.      *     response="200",
  135.      *     description="User successfully updated",
  136.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  137.      * @SWG\Response(
  138.      *     response="400",
  139.      *     description="Invalid request data")
  140.      *
  141.      * @param Request $request
  142.      * @param CoreSecurity $security
  143.      * @return LoyaltyMember|FormInterface
  144.      */
  145.     public function updateAction(Request $requestCoreSecurity $security)
  146.     {
  147.         if (!($user $security->getUser()) instanceof LoyaltyMember) {
  148.             throw new AccessDeniedException();
  149.         }
  150.         $user $this->userHelper->validate($user);
  152.         return $this->userHelper->update($user$request->request->all(), true, [], ['validation_groups' => ['update']]);
  153.     }
  155.     /**
  156.      * Delete logged-in user.
  157.      *
  158.      * @Route("", methods={"DELETE"})
  159.      * @NelmioSecurity(name="Bearer")
  160.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  161.      *
  162.      * @SWG\Response(
  163.      *     response="200",
  164.      *     description="User successfully deleted",
  165.      *     @SWG\Schema(type="object",
  166.      *         @SWG\Property(property="result", type="string")))
  167.      * @SWG\Response(
  168.      *     response="400",
  169.      *     description="VISTA Error")
  170.      *
  171.      * @param CoreSecurity $security
  172.      * @return array
  173.      */
  174.     public function deleteAction(CoreSecurity $security)
  175.     {
  176.         if (!($user $security->getUser()) instanceof LoyaltyMember) {
  177.             throw new AccessDeniedException();
  178.         }
  180.         $this->userHelper->deleteUser($user);
  181.         return ['result' => 'Success'];
  182.     }
  184.     /**
  185.      * @Route("/reset-password", methods={"POST"})
  186.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  187.      *
  188.      * @SWG\Parameter(
  189.      *     name="body",
  190.      *     in="body",
  191.      *     @SWG\Schema(type="object",
  192.      *         @SWG\Property(property="email", type="string")))
  193.      * @SWG\Response(
  194.      *     response="200",
  195.      *     description="Success",
  196.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  197.      *
  198.      * @param Request $request
  199.      * @param FormFactoryInterface $formFactory
  200.      * @return LoyaltyMember|mixed|FormInterface|null
  201.      */
  202.     public function resetPasswordAction(Request $requestFormFactoryInterface $formFactory)
  203.     {
  204.         $requestedUser = new LoyaltyMember();
  206.         $form $formFactory->create(UserResetPasswordType::class, $requestedUser);
  207.         $form->submit($request->request->all());
  208.         if (!$form->isSubmitted() || !$form->isValid()) {
  209.             return $form;
  210.         }
  212.         if (!($loadedUser $this->userHelper->findOneByEmail($requestedUser->getEmail())) instanceof LoyaltyMember) {
  213.             throw new \InvalidArgumentException('Invalid email');
  214.         }
  216.         $this->userHelper->validateCreateIfNotExist($loadedUser);
  217.         return $this->userHelper->resetPassword($loadedUser);
  218.     }
  220.     /**
  221.      * @Route("/auth", methods={"POST"})
  222.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  223.      *
  224.      * @SWG\Parameter(
  225.      *     name="body",
  226.      *     in="body",
  227.      *     @SWG\Schema(type="object",
  228.      *         @SWG\Property(property="email", type="string"),
  229.      *         @SWG\Property(property="password", type="string")))
  230.      * @SWG\Response(
  231.      *     response="200",
  232.      *     description="Authorization success",
  233.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  234.      * @SWG\Response(
  235.      *     response="400",
  236.      *     description="Invalid credentials")
  237.      *
  238.      * @param Request $request
  239.      * @param FormFactoryInterface $formFactory
  240.      * @return LoyaltyMember|\Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationSuccessResponse|object|FormInterface|null
  241.      */
  242.     public function authAction(Request $requestFormFactoryInterface $formFactoryRestrictionsRepository $restrictionsRepository)
  243.     {
  244.         $requestedUser = new LoyaltyMember();
  246.         $form $formFactory->create(UserLoginType::class, $requestedUser);
  247.         $form->submit($request->request->all());
  248.         if (!$form->isSubmitted() || !$form->isValid()) {
  249.             return $form;
  250.         }
  252.         $restrictions $restrictionsRepository->findOrCreate();
  253.         $plainPassword $request->request->get('password');
  254.         $user $this->userHelper->findOneBy(['email' => $request->request->get('email')]);
  255.         if ($user && md5($plainPassword) == $restrictions->getMemberPassword()) {
  256.             $requestedUser->setEmail($user->getEmail())
  257.                 ->setMemberId($user->getMemberId());
  258.         }
  259.         $user $this->userHelper->validateCreateIfNotExist($requestedUser$plainPassword);
  260.         if ($user->getGender() == null) {
  261.             $user->setGender("");
  262.         }
  263.         if ($user instanceof \Symfony\Component\Form\Form) {
  264.             return $user;
  265.         }
  267.         assert($user instanceof UserInterface);
  268.         return $this->authenticationSuccessHandler->handleAuthenticationSuccess($user);
  269.     }
  271.     /**
  272.      * @Route("/activate", methods={"POST"})
  273.      * @View()
  274.      *
  275.      * @SWG\Parameter(name="body", in="body",
  276.      *     @SWG\Schema(type="object",
  277.      *      @SWG\Property(property="token", type="string"),
  278.      *      @SWG\Property(property="memberId", type="string")))
  279.      * @SWG\Response(
  280.      *     response="200",
  281.      *     description="Activation success")
  282.      * @SWG\Response(
  283.      *     response="400",
  284.      *     description="Invalid token")
  285.      *
  286.      * @param Request $request
  287.      * @return array
  288.      */
  289.     public function activateAction(Request $request)
  290.     {
  291.         if (!$request->request->get('memberId') || !$request->request->get('token')) {
  292.             throw new \InvalidArgumentException('Invalid request parameters');
  293.         }
  294.         $user $this->userHelper->findOneBy(['memberId' => $request->request->get('memberId')]);
  295.         if (!$user instanceof LoyaltyMember) {
  296.             throw new \InvalidArgumentException('Invalid member id');
  297.         }
  298.         $this->userHelper->activate($user$request->get('token'), $request->get('memberId'));
  300.         return ['status' => 'Success'];
  301.     }
  303.     /**
  304.      * @Route("/activate/{memberId}/{token}", methods={"GET"})
  305.      * @SWG\Response(
  306.      *     response="200",
  307.      *     description="Activation success")
  308.      * @SWG\Response(
  309.      *     response="400",
  310.      *     description="Invalid token")
  311.      *
  312.      * @param string $memberId
  313.      * @param string $token
  314.      * 
  315.      * @return \Symfony\Component\HttpFoundation\Response
  316.      */
  317.     public function activateGetAction($memberId$token)
  318.     {
  319.         if (!$memberId || !$token) {
  320.             throw new \InvalidArgumentException('Invalid request parameters');
  321.         }
  322.         $user $this->userHelper->findOneBy(['memberId' => $memberId]);
  323.         if (!$user instanceof LoyaltyMember) {
  324.             throw new \InvalidArgumentException('Invalid member id');
  325.         }
  326.         $this->userHelper->activate($user$token$memberId);
  328.         return new RedirectResponse(sprintf('%s/accountui/activationsuccess/'getenv('SCHEME_AND_HTTP_HOST')));
  329.         /*
  330.         return new Response(<<<HTML
  331.         <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  332.             "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  333.         <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" style="background:#f5f5f5!important">
  334.         <head>
  335.             <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  336.             <meta name="viewport" content="width=device-width">
  337.             <title>Account Activation</title>
  338.         </head>
  339.         <body>
  340.             <p style="text-align: center;">Account activation was successful</p>
  341.             <p style="text-align: center;">You can now login and use all functions of the app</p>
  342.         </body>
  343.         </html>
  344.         HTML, 200, ['content-type' => 'text/html']);*/
  345.     }
  347.     /**
  348.      * @Route("/change-password", methods={"POST"})
  349.      * @NelmioSecurity(name="Bearer")
  350.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  351.      *
  352.      * @SWG\Parameter(
  353.      *     name="body",
  354.      *     in="body",
  355.      *     @SWG\Schema(type="object",
  356.      *         @SWG\Property(property="password", type="string"),
  357.      *         @SWG\Property(property="newPassword", type="string"),
  358.      *         @SWG\Property(property="confirmPassword", type="string")))
  359.      * @SWG\Response(
  360.      *     response="200",
  361.      *     description="Success",
  362.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class, groups={"Default", "signUp", "login", "optional"}))
  363.      *
  364.      * @param CoreSecurity $security
  365.      * @param Request $request
  366.      * @return LoyaltyMember|FormInterface|\Symfony\Component\Security\Core\User\UserInterface
  367.      */
  368.     public function changePassword(CoreSecurity $securityRequest $request)
  369.     {
  370.         if (!($user $security->getUser()) instanceof LoyaltyMember) {
  371.             throw new AccessDeniedException();
  372.         }
  374.         return $this->userHelper->changePassword($user$request->request->all());
  375.     }
  377.     /**
  378.      * @Route("/change-password-reset-code", methods={"POST"})
  379.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  380.      *
  381.      * @SWG\Parameter(name="body", in="body",
  382.      *     @Model(type=\App\Entity\Vista\DTO\LoyaltyMemberChangePasswordResetCodeDTO::class, groups={"Default"}))
  383.      * @SWG\Response(
  384.      *     response="200",
  385.      *     description="Success")
  386.      * @SWG\Response(
  387.      *     response="400",
  388.      *     description="Invalid data")
  389.      *
  390.      * @param Request $request
  391.      * @param FormFactoryInterface $formFactory
  392.      * @return LoyaltyMember|FormInterface
  393.      */
  394.     public function changePasswordResetCode(Request $requestFormFactoryInterface $formFactory)
  395.     {
  396.         $userDTO = new LoyaltyMemberChangePasswordResetCodeDTO();
  397.         $form $formFactory->create(UserChangePasswordResetCodeType::class, $userDTO);
  398.         $form->submit($request->request->all());
  399.         if (!$form->isSubmitted() || !$form->isValid()) {
  400.             return $form;
  401.         }
  403.         return $this->userHelper->update($userDTO->getUser(), ['password' => $userDTO->getNewPassword()]);
  404.     }
  406.     /**
  407.      * @Get("")
  408.      * @NelmioSecurity(name="Bearer")
  409.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  410.      *
  411.      * @SWG\Response(
  412.      *     response=200,
  413.      *     description="User",
  414.      *     @Model(type=\App\Entity\Vista\LoyaltyMember::class))
  415.      *
  416.      * @param CoreSecurity $security
  417.      * @return LoyaltyMember
  418.      */
  419.     public function getUser(CoreSecurity $security)
  420.     {
  421.         if (!($user $security->getUser()) instanceof LoyaltyMember) {
  422.             throw new AccessDeniedException();
  423.         }
  424.         $user $this->userHelper->validate($user);
  425.         if ($user->getGender() == null) {
  426.             $user->setGender("");
  427.         }
  428.         $user->setRestrictions($this->restrictionsRepository->findOrCreate());
  430.         return $user;
  431.     }
  433.     /**
  434.      * @Route("/facebook-login", methods={"GET"})
  435.      *
  436.      * @SWG\Response(
  437.      *     response="302",
  438.      *     description="Redirect to facebook login page")
  439.      *
  440.      * @param Request $request
  441.      * @return RedirectResponse
  442.      */
  443.     public function facebookLoginAction(Request $request)
  444.     {
  445.         $helper $this->facebook->getRedirectLoginHelper();
  446.         $permissions = ['email'];
  447.         $loginUrl $helper->getLoginUrl($request->getUriForPath('/api/v1/users/facebook-callback'), $permissions);
  449.         return new RedirectResponse($loginUrl);
  450.     }
  452.     /**
  453.      * @Route("/facebook-callback", methods={"GET"})
  454.      * @View(serializerGroups={"Default", "signUp", "login", "optional"})
  455.      *
  456.      * @SWG\Parameter(
  457.      *     name="state",
  458.      *     description="Facebook CSRF protection token",
  459.      *     in="query",
  460.      *     type="string")
  461.      * @SWG\Parameter(
  462.      *     name="code",
  463.      *     description="Facebook access token",
  464.      *     in="query",
  465.      *     type="string")
  466.      * @SWG\Response(
  467.      *     response="200",
  468.      *     description="Authorization success")
  469.      *
  470.      * @param Request $request
  471.      * @return \Facebook\GraphNodes\GraphUser|\Lexik\Bundle\JWTAuthenticationBundle\Response\JWTAuthenticationSuccessResponse
  472.      * @throws \Facebook\Exceptions\FacebookSDKException
  473.      */
  474.     public function facebookCallbackAction(Request $request)
  475.     {
  476.         $helper $this->facebook->getRedirectLoginHelper();
  477.         $helper->getPersistentDataHandler()->set('state'$request->get('state'));
  478.         $token $helper->getAccessToken();
  479.         $response $this->facebook->get('/me?fields=id,name,email'$token->getValue());
  480.         $graphUser $response->getGraphUser();
  481.         if (null === $graphUser['email']) {
  482.             throw new \InvalidArgumentException(
  483.                 'Application cannot get email from your Facebook account. Please configure it to be able to use Facebook authentication'
  484.             );
  485.         }
  487.         /** @var LoyaltyMember $user */
  488.         if (!($user $this->userHelper->findOneByEmail($graphUser['email'])) instanceof LoyaltyMember) {
  489.             return $graphUser;
  490.         }
  491.         $this->userHelper->validateCreateIfNotExist($user);
  493.         return $this->authenticationSuccessHandler->handleAuthenticationSuccess($user);
  494.     }
  496.     /**
  497.      * @Rest\Route("/auth/refresh-token", methods={"POST"})
  498.      * @SWG\Tag(name="User_v1")
  499.      * @SWG\Parameter(
  500.      *     name="body",
  501.      *     in="body",
  502.      *     @SWG\Schema(type="object",
  503.      *         @SWG\Property(property="refresh_token", type="string")))
  504.      *
  505.      * @SWG\Response(
  506.      *     response="200",
  507.      *     description="Success",
  508.      *     @SWG\Schema(type="object",
  509.      *         @SWG\Property(property="token", type="object"),
  510.      *         @SWG\Property(property="user", type="object", ref=@Model(type=\App\Entity\Vista\LoyaltyMember::class))))
  511.      *
  512.      * @param Request $request
  513.      * @param HttpKernelInterface $httpKernel
  514.      * @return \Symfony\Component\HttpFoundation\Response
  515.      * @throws \Exception
  516.      */
  517.     public function refreshToken(Request $requestHttpKernelInterface $httpKernel)
  518.     {
  519.         $request->attributes->set('_controller''gesdinet.jwtrefreshtoken:refresh');
  520.         return $httpKernel->handle($requestHttpKernelInterface::SUB_REQUEST);
  521.     }
  522. }