src/Controller/SecurityController.php line 87

  1. <?php
  3. namespace App\Controller;
  5. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  6. use Symfony\Component\HttpFoundation\Response;
  7. use Symfony\Component\Routing\Annotation\Route;
  8. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  9. use App\Entity\User;
  10. use App\Entity\Settings;
  11. use App\Entity\ActiveSession;
  12. use App\Form\RegisterType;
  13. use Doctrine\Persistence\ManagerRegistry as PersistenceManagerRegistry;
  14. use Symfony\Component\Security\Csrf\TokenGenerator\TokenGeneratorInterface;
  15. use Symfony\Component\HttpFoundation\Request;
  16. use App\Logger\DatabaseLogger;
  17. use App\Repository\UserRepository;
  18. use Symfony\Component\Mailer\MailerInterface;
  19. use Symfony\Component\Mime\Email;
  20. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  21. use Symfony\Bundle\SecurityBundle\Security;
  22. use \Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  24. use App\Service\SessionControlService;
  26. use Symfony\Component\HttpFoundation\RequestStack;
  28. class SecurityController extends AbstractController {
  30.     public function __construct(
  31.         private UserPasswordHasherInterface $passwordEncoder,
  32.         private MailerInterface $mailer,
  33.         private ParameterBagInterface $params,
  34.         private Security $security,
  35.         private DatabaseLogger $logger,
  36.         private SessionControlService $sessionControlService,
  37.         private RequestStack $requestStack
  38.     ) {
  39.     }
  41.     #[Route(path'/security'name'security'methods: ['GET'])]
  42.     public function index(): Response {
  43.         return $this->render('security/index.html.twig', [
  44.             // 'controller_name' => 'SecurityController',
  45.         ]);
  46.     }
  48.     #[Route(path'/login'name'app_login')]
  49.     public function login(AuthenticationUtils $authenticationUtils): Response {
  50.         # https://auth0.com/blog/creating-your-first-symfony-app-and-adding-authentication/
  52.         // if ($this->getUser()) {
  53.         //     return $this->redirectToRoute('target_path');
  54.         // }
  56.         // get the login error if there is one
  57.         $error $authenticationUtils->getLastAuthenticationError();
  59.         // last username entered by the user
  60.         $lastUsername $authenticationUtils->getLastUsername();
  62.         return $this->render('security/login.html.twig', ['last_username' => $lastUsername'error' => $error]);
  63.     }
  65.     #[Route(path'/logout'name'app_pre_logout')]
  66.     public function pre_logout(Request $request): Response {
  68.         $user $this->security->getUser();
  70.         if (!$user) {
  71.             return $this->redirectToRoute('home');
  72.         }
  73.         $session = ($request->hasSession()) ? $request->getSession()->getId() : '';
  75.         $this->sessionControlService->registerActiveSessions($user->getEmail(), ActiveSession::STATUS_LOGGED_OUT_USER);
  77.         $this->logger->notice('USER LOGOUT');
  78.         return $this->security->logout(false);
  79.     }
  81.     #[Route(path'/real_logout'name'app_logout')]
  82.     public function logout(): void {
  83.         throw new \LogicException('This method can be blank - it will be intercepted by the logout key on your firewall.');
  84.     }
  86.     #[Route(path'/register'name'register'methods: ['GET''POST'])]
  87.     public function register(Request $requestPersistenceManagerRegistry $doctrineDatabaseLogger $loggerTokenGeneratorInterface $tokenGeneratorUserRepository $userRepository) {
  89.         $em $doctrine->getManager();
  90.         $connection $doctrine->getConnection();
  91.         $settingsRepository $em->getRepository(Settings::class);
  92.         $regexObj $settingsRepository->findOneBy(['name' => 'regexpPass']);
  93.         $allowregister $settingsRepository->findOneByName('allowregister');
  94.         if (is_null($allowregister) || $allowregister->getValue() == 0) {
  95.             return $this->redirectToRoute('home');
  96.         }
  98.         $user = new User();
  99.         //TODO: para que haga algo parecido al "fill" de laravel tenemos que pasarle el entity
  100.         // $user en la function createForm.
  101.         $form $this->createForm(RegisterType::class, ['regexp' => $regexObj]);
  103.         $form->handleRequest($request);
  105.         if ($form->isSubmitted() && $form->isValid()) {
  106.             //comprobar que exista el correo sin validar y que tenga más de 15 min
  107.             // --> si existe el registro lo actualizamos
  108.             $user_check $em->getRepository(User::class)->createQueryBuilder('u')
  109.                 ->where('u.email = :email')
  110.                 ->setParameters([
  111.                     'email' => $request->get('register')['email'],
  112.                 ])
  113.                 ->getQuery()
  114.                 ->getOneOrNullResult();
  115.             if ($user_check) {
  116.                 if ($user_check->getConfirmed() === 1) {
  117.                     $this->addFlash('danger''Usuario ya registrado');
  118.                     return $this->redirectToRoute('register');
  119.                 }
  120.                 if ($user_check->getTimeCreated() >= new \DateTime('-15 minutes')) {
  121.                     $this->addFlash('danger''Revise su correo para completar el registro.');
  122.                     return $this->redirectToRoute('register');
  123.                 }
  124.                 $user $user_check;
  125.             }
  126.             // Encode the new users password
  127.             $token $tokenGenerator->generateToken();
  128.             $user->setConfirmationToken($token);
  129.             $user->setConfirmed(0);
  130.             $user->setStatus(User::STATUS_SUSPENDED);
  131.             $user->setPolicyAgreed($request->get('register')['policyagreed']);
  132.             $user->setEmail($request->get('register')['email']);
  133.             $user->setPassword($this->passwordEncoder->hashPassword($user$request->get('register')['password']['first']));
  134.             $user->setTimecreated(new \DateTime());
  136.             // Set their role
  137.             $user->setRoles(['ROLE_USER']);
  139.             // Save
  140.             $em $doctrine->getManager();
  141.             $em->persist($user);
  142.             $em->flush();
  144.             $logger->notice('Se ha creado un nuevo usuario.', [
  145.                 'data' => $user->serialize(),
  146.                 'userid' => $user->getId()
  147.             ]);
  149.             $this->sendConfirmationEmail($user);
  151.             $this->addFlash('success''Revise su correo para completar el registro.');
  152.             return $this->redirectToRoute('app_login');
  153.         }
  155.         return $this->render('security/register.html.twig', [
  156.             'form' => $form->createView(),
  157.         ]);
  158.     }
  160.     #[Route(path'/confirm-registration/{token}'name'confirm_registration'methods: ['GET'])]
  161.     public function confirmRegistration($tokenPersistenceManagerRegistry $doctrineDatabaseLogger $logger) {
  162.         $em $doctrine->getManager();
  163.         $user $em->getRepository(User::class)->findOneBy(['confirmationtoken' => $token'confirmed' => 0]);
  165.         $error 'Ocurrió un error al procesar la solicitud.';
  167.         if ($user) {
  168.             $error '';
  169.             $user->setConfirmed(1);
  170.             $user->setStatus(User::STATUS_ENABLED);
  171.             $em->persist($user);
  172.             $em->flush();
  174.             $logger->notice('Se ha confirmado el registro de un usuario.', [
  175.                 'data' => $user->serialize(),
  176.                 'userid' => $user->getId()
  177.             ]);
  178.         }
  180.         return $this->render('security/confirmation_result.html.twig', [
  181.             'error' => $error,
  182.         ]);
  183.     }
  185.     private function sendConfirmationEmail(User $user) {
  186.         try {
  187.             $email = new Email();
  188.             $email->from($_ENV['MAIL_SMTP_DO_NOT_REPLY_USERNAME'])
  189.                 ->to($user->getEmail())
  190.                 ->subject('Confirmación de registro')
  191.                 ->html(
  192.                     $this->renderView(
  193.                         'security/confirmation_email.html.twig',
  194.                         [
  195.                             'token' => $user->getConfirmationToken(),
  196.                             'user' => $user
  197.                         ]
  198.                     ),
  199.                     'text/html'
  200.                 );
  202.             $this->mailer->send($email);
  203.         } catch (\Exception $e) {
  204.             $this->logger->error(
  205.                 'Error avisando por correo a ' $user->getEmail(),
  206.                 [
  207.                     'userid' => $user->getId(),
  208.                     'data' => $e->getMessage(),
  209.                 ],
  210.             );
  211.         }
  212.     }
  214.     #[Route(path'/forgot-password'name'app_forgot_password_request')]
  215.     public function forgotPasswordRequest(Request $requestPersistenceManagerRegistry $doctrineDatabaseLogger $loggerTokenGeneratorInterface $tokenGenerator): Response {
  216.         $em $doctrine->getManager();
  217.         $regexp $em->getRepository(Settings::class)->findOneBy(['name' => 'regexpPass']);
  218.         if ($request->isMethod('POST')) {
  219.             $resetemail $request->get('resetemail');
  220.             $user $em->getRepository(User::class)->findOneBy(['email' => $resetemail'confirmed' => 1]);
  221.             if ($user) {
  222.                 $token $tokenGenerator->generateToken();
  223.                 $user->setConfirmationToken($token);
  224.                 $em->persist($user);
  225.                 $em->flush();
  227.                 try {
  228.                     $email = new Email();
  229.                     $email->from($_ENV['MAIL_SMTP_DO_NOT_REPLY_USERNAME'])
  230.                         ->to($user->getEmail())
  231.                         ->subject('Solicitud de reinicio de contraseña')
  232.                         ->html(
  233.                             $this->renderView(
  234.                                 'security/passwordreset_email.html.twig',
  235.                                 ['token' => $user->getConfirmationToken()]
  236.                             ),
  237.                             'text/html'
  238.                         );
  240.                     $this->mailer->send($email);
  241.                     $this->addFlash('success''Se ha enviado la solicitud de contraseña al correo indicado.');
  243.                     $logger->notice('Se ha solicitado un reinicio de contraseña para el usuario.', [
  244.                         'data' => $user->serialize(),
  245.                         'userid' => $user->getId()
  246.                     ]);
  247.                 } catch (\Exception $e) {
  248.                     $this->logger->error(
  249.                         'Error avisando por correo a ' $user->getEmail(),
  250.                         [
  251.                             'userid' => $user->getId(),
  252.                             'data' => $e->getMessage(),
  253.                         ],
  254.                     );
  255.                 }
  256.             }
  257.         }
  259.         return $this->render('security/passwordreset.html.twig', [
  260.             'confirmreset' => false,
  261.             'regexpPass' => $regexp,
  262.         ]);
  263.     }
  265.     #[Route(path'/reset-password/{token}'name'reset_password'methods: ['GET''POST'])]
  266.     public function resetPassword(Request $request$tokenPersistenceManagerRegistry $doctrineDatabaseLogger $loggerTokenGeneratorInterface $tokenGenerator) {
  267.         $em $doctrine->getManager();
  268.         $user $em->getRepository(User::class)->findOneBy(['confirmationtoken' => $token'confirmed' => 1]);
  269.         $regexp $em->getRepository(Settings::class)->findOneBy(['name' => 'regexpPass']);
  271.         if (!$user) {
  272.             $this->addFlash('danger''Esta página no está disponible.<br>Es posible que el enlace que seleccionaste no funcione o que se haya eliminado la página.');
  274.             return $this->redirectToRoute('home');
  275.         }
  277.         if ($request->isMethod('POST')) {
  278.             $password $request->get('password');
  280.             $user->setPassword($this->passwordEncoder->hashPassword($user$password));
  281.             $user->setConfirmationToken("");
  282.             $em->persist($user);
  283.             $em->flush();
  285.             $logger->notice('Se ha completado un reinicio de contraseña para el usuario.', [
  286.                 'data' => $user->serialize(),
  287.                 'userid' => $user->getId()
  288.             ]);
  290.             $this->addFlash('success''El password ha sido reseteado correctamente.');
  292.             return $this->redirectToRoute('home');
  293.         }
  295.         return $this->render('security/passwordreset.html.twig', [
  296.             'confirmreset' => true,
  297.             'regexpPass' => $regexp,
  298.         ]);
  299.     }
  300. }