src/Platform/SecurityBundle/Controller/LoginController.php line 53

Open in your IDE?
  1. <?php
  3. namespace Platform\SecurityBundle\Controller;
  5. use Cms\BulletinBundle\Model\Bulletins\PasswordResetFinBulletin;
  6. use Cms\BulletinBundle\Service\BulletinService;
  7. use Cms\CoreBundle\Model\Scenes\DashboardScenes\DocumentScene;
  8. use Cms\CoreBundle\Util\Controller;
  9. use Platform\SecurityBundle\Entity\Identity\Account;
  10. use Platform\SecurityBundle\Entity\Login\ResetToken;
  11. use Platform\SecurityBundle\Form\Type\LoginType;
  12. use Platform\SecurityBundle\Form\Type\ResetPasswordRequestType;
  13. use Platform\SecurityBundle\Form\Type\ResetPasswordType;
  14. use Platform\SecurityBundle\Model\OAuth\AuthenticationTypesBitwise;
  15. use Platform\SecurityBundle\Service\Login\LoginSystem;
  16. use Platform\SecurityBundle\Service\OAuth\OAuthProviderService;
  17. use Platform\SecurityBundle\Service\PasswordService;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Component\Form\FormError;
  20. use Symfony\Component\HttpFoundation\RedirectResponse;
  21. use Symfony\Component\HttpFoundation\Request;
  22. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  23. use Symfony\Component\Security\Core\Exception\BadCredentialsException;
  24. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  26. /**
  27.  * Class LoginController
  28.  * @package Platform\SecurityBundle\Controller
  29.  */
  30. final class LoginController extends Controller
  31. {
  32.     public const ROUTES__SELECT 'platform.security.login.default.select';
  33.     public const ROUTES__RESET_PASSWORD 'platform.security.login.standard.reset.password';
  34.     public const ROUTES__CHANGE_PASSWORD 'platform.security.login.standard.change.password';
  36.     /**
  37.      * Handles reset password requests
  38.      *
  39.      * @param Request $request
  40.      * @return DocumentScene|RedirectResponse
  41.      *
  42.      * @Route(
  43.      *  "/reset-password",
  44.      *  name = LoginController::ROUTES__RESET_PASSWORD
  45.      * )
  46.      */
  47.     public function resetPasswordAction(
  48.         PasswordService $passwordService,
  49.         Request $request
  50.     )
  51.     {
  52.         // make sure passwords are supported
  53.         if ( ! $this->getGlobalContext()->getTenant()->getAuthenticationTypes()->hasFlag(AuthenticationTypesBitwise::INTERNAL__PASSWORD)) {
  54.             throw new \Exception();
  55.         }
  57.         $form $this->createForm(ResetPasswordRequestType::class, [], []);
  58.         if ($this->handleForm($form)) {
  59.             $account $this->getEntityManager()->getRepository(Account::class)->findOneByEmail($form->get('email')->getData());
  60.             if ( ! empty($account) &&  ! empty($account->getPassword())) {
  61.                 $passwordService->sendResetPasswordInitEmail(
  62.                     $request,
  63.                     $account
  64.                 );
  65.             }
  66.             return $this->view(
  67.                 '@PlatformSecurity/Login/message.html.twig',
  68.                 array(
  69.                     'message' => sprintf(
  70.                         'A reset confirmation will be sent shortly if the email address<br /><br /><strong>%s</strong><br /><br />is linked to a valid account.',
  71.                         $form->get('email')->getData()
  72.                     ),
  73.                     'routes' => array(
  74.                         'login' => LoginController::ROUTES__SELECT,
  75.                     ),
  76.                 )
  77.             );
  78.         }
  79.         return $this->view(array(
  80.             'form' => $form->createView(),
  81.             'routes' => array(
  82.                 'login' => LoginController::ROUTES__SELECT,
  83.             )
  84.         ));
  85.     }
  87.     /**
  88.      * Handles change password requests
  89.      *
  90.      * @param Request $request
  91.      * @param string $token
  92.      * @return DocumentScene|RedirectResponse
  93.      * @throws \Exception
  94.      *
  95.      * @Route(
  96.      *  "/change-password/{token}",
  97.      *  name = LoginController::ROUTES__CHANGE_PASSWORD,
  98.      *  requirements = {
  99.      *      "token" = "[0-9a-f]+"
  100.      *  }
  101.      * )
  102.      */
  103.     public function changePasswordAction(
  104.         BulletinService $bulletinService,
  105.         Request $request,
  106.         string $token
  107.     )
  108.     {
  109.         // make sure passwords are supported
  110.         if ( ! $this->getGlobalContext()->getTenant()->getAuthenticationTypes()->hasFlag(AuthenticationTypesBitwise::INTERNAL__PASSWORD)) {
  111.             throw new \Exception();
  112.         }
  114.         // find the reset request
  115.         /** @var array|ResetToken[] $resets */
  116.         $resets $this->getEntityManager()->getRepository(ResetToken::class)->findBy(array(
  117.             'token' => $token,
  118.         ));
  120.         // should only be one
  121.         if (count($resets) > 1) {
  122.             throw new \Exception();
  123.         } else if (count($resets) < 1) {
  124.             throw new \Exception();
  125.         }
  126.         $reset $resets[0];
  128.         // make sure it has not been used
  129.         if ($reset->getState() !== ResetToken::STATES__UNUSED) {
  130.             throw new NotFoundHttpException();
  131.         }
  133.         // make sure it is not expired
  134.         if ($reset->isExpired()) {
  135.             throw new NotFoundHttpException();
  136.         }
  138.         // get the account tied to this
  139.         $account $reset->getAccount();
  141.         // form stuff
  142.         $form $this->createForm(ResetPasswordType::class);
  144.         // try to handle form submission
  145.         if ($this->handleForm($form$request)) {
  147.             // get the input password
  148.             $password $form->getData()['password'];
  150.             // update with the new password
  151.             $this->getEntityManager()->save($account->setPasswordRaw($password));
  153.             // also flag the reset token as being used
  154.             $reset->setState(ResetToken::STATES__USED);
  155.             $this->getEntityManager()->save($reset);
  157.             // send out confirmation email
  158.             $bulletinService->send((new PasswordResetFinBulletin())
  159.                 ->setTo($account->getEmail())
  160.                 ->setAccount($account)
  161.                 ->setDashboard($this->getGlobalContext()->getDashboardUrl()));
  163.             // record log
  164.             $this->getActivityLogger()->createLog($account$account->getId());
  166.             // back to the login screen
  167.             return $this->redirectToRoute(
  168.                 LoginController::ROUTES__SELECT
  169.             );
  171.         }
  173.         return $this->view(array(
  174.             'email' => $account->getEmail(),
  175.             'form' => $form->createView(),
  176.             'routes' => array('login' => LoginController::ROUTES__SELECT)
  177.         ));
  178.     }
  180.     /**
  181.      * Shows the visitor which login types are supported.
  182.      * If only one type is supported, the visitor is instead automatically redirected to the page for that type.
  183.      *
  184.      * @param Request $request
  185.      * @return DocumentScene|RedirectResponse
  186.      *
  187.      * @Route(
  188.      *     "",
  189.      *     name = LoginController::ROUTES__SELECT
  190.      * )
  191.      */
  192.     public function selectAction(
  193.         LoginSystem $loginSystem,
  194.         OAuthProviderService $oAuthProviderService,
  195.         Request $request
  196.     )
  197.     {
  198.         // determine if we should allow logins
  199.         // need a way for csadmin to bypass
  200.         // TODO: do we need to move this over into the new login logic?
  201.         $allow $this->getGlobalContext()->getTenant()->getAuthenticationTypes()->hasFlag(AuthenticationTypesBitwise::INTERNAL__PASSWORD);
  202.         if ( ! $allow) {
  203.             $allow $request->query->getBoolean('csadmin'false);
  204.         }
  206.         // create form for standard login
  207.         $autofill $request->query->get('autofill'null);
  208.         try {
  209.             $autofill openssl_decrypt(
  210.                 $autofill,
  211.                 'aes128',
  212.                 $this->getParameter('kernel.secret')
  213.             );
  214.         } catch (\Exception $e) {
  215.             $autofill null;
  216.         }
  217.         $form $this->createForm(
  218.             LoginType::class,
  219.             [
  220.                 'username' => $autofill,
  221.             ],
  222.         );
  224.         // pass through login errors
  225.         if ($error $this->getAuthenticationUtils()->getLastAuthenticationError()) {
  226.             $form->addError(new FormError(
  227.                 ($error instanceof BadCredentialsException)
  228.                     ? 'Bad login credentials.'
  229.                     $error->getMessage(),
  230.             ));
  231.         }
  233.         return $this->view(
  234.             [
  235.                 'form' => ($allow) ? $form->createView() : null,
  236.                 'redirect' => $request->query->get('redirect'),
  237.                 'providers' => $oAuthProviderService->getProviders($this->getGlobalContext()->getTenant()),
  238.                 'errors' => $this->getSession()->getFlashBag()->get(SingleSignOnController::ROUTES__FINISH.'__errors'),
  239.                 'routes' => array(
  240.                     'oauth__start' => SingleSignOnController::ROUTES__START,
  241.                     'reset_password' => LoginController::ROUTES__RESET_PASSWORD
  242.                 ),
  243.                 'tenant' => $this->getGlobalContext()->getTenant(),
  244.             ]
  245.         );
  246.     }
  248.     /**
  249.      * @return AuthenticationUtils
  250.      */
  251.     private function getAuthenticationUtils(): AuthenticationUtils
  252.     {
  253.         return $this->get(__METHOD__);
  254.     }
  255. }