src/Controller/SecurityController.php line 385

  1. <?php
  3. namespace App\Controller;
  5. use App\Entity\ResetPassword;
  6. use App\Entity\Users;
  7. use App\Entity\UserAdditionalDetails;
  8. use App\Entity\ProfileClassification;
  9. use App\Entity\UsersCategories;
  10. use App\Entity\VehicleClients;
  11. use App\Form\ResetPasswordType;
  12. use App\Form\UserRegistrationType;
  13. use Gregwar\Captcha\CaptchaBuilder;
  14. use Gregwar\Captcha\PhraseBuilder;
  15. use Psr\Log\LoggerInterface;
  16. use Symfony\Component\Routing\Annotation\Route;
  17. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  18. use Symfony\Component\HttpFoundation\Response;
  19. use Symfony\Component\HttpFoundation\JsonResponse;
  20. use Symfony\Component\HttpFoundation\Request;
  21. //use Symfony\Component\Security\Core\Encoder\UserPasswordEncoderInterface;
  22. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  23. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  24. use Unirest;
  25. use Symfony\Component\Form\FormError;
  26. use App\Service\SMSHelper;
  28. //use Symfony\Component\Security\Core\Security;
  29. use Symfony\Bundle\SecurityBundle\Security;
  30. use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
  32. use Symfony\Contracts\Translation\TranslatorInterface;
  33. use Doctrine\Persistence\ManagerRegistry;
  35. /**
  36.  * Class SecurityController
  37.  * @package App\Controller
  38.  */
  39. class SecurityController extends AbstractController
  40. {
  41.     /**
  42.      * @var CsrfTokenManagerInterface
  43.      */
  44.     private CsrfTokenManagerInterface $csrfTokenManager;
  46.     /**
  47.      * Constructor for SecurityController.
  48.      * Injects the CsrfTokenManagerInterface.
  49.      *
  50.      * @param CsrfTokenManagerInterface $csrfTokenManager The CSRF token manager service.
  51.      */
  52.     public function __construct(CsrfTokenManagerInterface $csrfTokenManager)
  53.     {
  54.         $this->csrfTokenManager $csrfTokenManager;
  55.     }
  57.     /**
  58.      * @param Request $request
  59.      *
  60.      */
  61.     #[Route('/login'name'login')]
  62.     public function loginAction(Security $securityAuthenticationUtils $authenticationUtils): Response
  63.     {
  64.         // redirect to profile if user logged 
  65.         if($security->getUser() instanceof \Symfony\Component\Security\Core\User\UserInterface){
  66.             return $this->redirectToRoute('my_profile');
  67.         }
  68.         // get the login error if there is one
  69.         $error        $authenticationUtils->getLastAuthenticationError();
  70.         $lastUsername $authenticationUtils->getLastUsername();
  72.         return $this->render('security/login.html.twig', array(
  73.             'last_username' => $lastUsername,
  74.             'error'         => $error
  75.         ));
  76.     }
  78.     /**
  79.      * @throws \Exception
  80.      */
  81.     #[Route('/logout'name'logout')]
  82.     public function logoutAction()
  83.     {
  84.         throw new \Exception('This should never be reached!');
  85.     }
  87.     /**
  88.      * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
  89.      * @throws Unirest\Exception
  90.      */
  91.     #[Route('/reg/getCaptcha'name'get_captcha_ajax'methods:["POST"])]
  92.     public function regenerateCaptchaAjaxAction(Request $request)
  93.     {
  94.         if ($request->isXMLHttpRequest()) {
  95.             $session   $request->getSession();
  96.             $builder $this->createCaptcha($session);
  97.             return new JsonResponse(['builder' => $builder->inline()]);
  98.         }
  99.         return null;
  100.     }
  102.     /**
  103.      *
  104.      * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
  105.      * @throws Unirest\Exception
  106.      */
  107.     #[Route('/register'name'user_registration'methods:["GET","POST"])]
  108.     #[Route('/reg'name'user_reg'methods:["GET","POST"])]
  109.     public function registerAction(Request $requestUserPasswordHasherInterface $passwordEncoder
  110.             LoggerInterface $loggerTranslatorInterface $translatorManagerRegistry $doctrine)
  111.     {
  112.         // redirect to profile if user logged
  113.         if($this->getUser() instanceof \Symfony\Component\Security\Core\User\UserInterface){
  114.             return $this->redirectToRoute('my_profile');
  115.         }
  116.         $session   $request->getSession();
  117.         $locale    $request->getLocale();
  118.         $errorCaptcha false;
  120.         // 1) build the form
  121.         $user = new Users();
  122.         $form $this->createForm(UserRegistrationType::class, $user, ['locale' => $locale]);
  124.         // 2) handle the submit (will only happen on POST)
  125.         $form->handleRequest($request);
  127.         if ($form->isSubmitted() && $form->isValid()) {
  129.             // refresh CSRF token (form_intention)
  130.             $newToken $this->csrfTokenManager->refreshToken('form_intention');
  132.             $postedData  $request->request->all();
  133.             $code        $postedData['sms_code'];
  134.             $userCaptcha $postedData['userCaptcha'];
  135.             if ($userCaptcha == $session->get('captchaPhrase')) {
  136.                 if ($code == $session->get('verificationCode')) {
  137.                     $password     rand(10019998);
  138.                     $mobileNumber $user->getMobileNumber();
  139.                     preg_match('/^(?:0|966)*(5\d{8})$/'$mobileNumber$mobNumChunks);
  140.                     $user->setMobileNumber($mobNumChunks[1]); //remove leading zero or KSA country code if any exists
  141.                     $username $user->getUserIdentityInfo()->getIdentificationNumber();
  143.                     // 3) Encode the password (you could also do this via Doctrine listener)
  144.                     $hashedPassword $passwordEncoder->hashPassword($user$password);
  145.                     $user->setPassword($hashedPassword);
  147.                     // 4) save the User!
  148.                     $em       $doctrine->getManager();
  149.                     $category $em->getRepository(UsersCategories::class)->find(1);
  151.                     $userIdentityInfo $user->getUserIdentityInfo();
  152.                     $user->setUserIdentityInfo(null);
  153.                     $user->setCategory($category);
  154.                     $user->setIsReceiveSms(true); //the self-registered users by default accept to receive our SMS
  155.                     $user->setUsername($userIdentityInfo->getIdentificationNumber());
  156.                     $user->setProfileOrigin("self registered");
  157.                     $em->persist($user);
  158.                     //if image uploading is required, so this is the place where to add upload code
  159.                     $em->flush($user);
  161.                     // saving user identity info
  162.                     $user->setUserIdentityInfo($userIdentityInfo);
  163.                     $userIdentityInfo->setUser($user);
  165.                     $userAdditionalDetails = new UserAdditionalDetails();
  166.                     $registeredClassification $em->getRepository(ProfileClassification::class)->findBy(['nameEn'=> 'Registered']);
  167.                     $userAdditionalDetails->setClassification($registeredClassification[0]);
  168.                     $userAdditionalDetails->setUser($user);
  169.                     $user->setUserAdditionalDetails($userAdditionalDetails);
  170.                     $em->persist($userAdditionalDetails);
  171.                     $em->flush($userAdditionalDetails);
  173.                     // Create vehicle client account
  174.                     $vehicleClient = new VehicleClients();
  175.                     $vehicleClient->setUser($user);
  176.                     $vehicleClient->setClientId($user->getUserId());
  177.                     $vehicleClient->setUser($user);
  178.                     $vehicleClient->setIsActive(1);
  180.                     $em->persist($vehicleClient);
  181.                     $em->persist($userIdentityInfo);
  182.                     $em->flush();
  183.                     
  184.                     $message $translator->trans('your login info ID and password are',
  185.                             ['%{username}'=> $username'%{password}'=> $password'%{newline}'=> "\n"], 'clients');
  187.                     if ($this->sendSMSToUser($message$mobileNumber'randum generated password'$logger)) {
  188.                         return $this->redirectToRoute('user_thanking');
  189.                     } else {
  190.                         // password did not sent to customer
  191.                         $session->getFlashBag()->add('info',
  192.                             $translator->trans('no password sent', array(), 'clients')
  193.                         );
  194.                         $logger->info('Register Action: no password sent to mobile num: '$user->getMobileNumber());
  195.                         return $this->redirectToRoute('login');
  196.                     }
  197.                 } else {
  198.                     // activation code is wrong
  199.                     $errorMessage $translator->trans('you have entered a wrong verification code please enter the correct one', array(''), 'validators');
  200.                     $form->addError(new FormError($errorMessage)); //this is how to add an error to Symfony form
  201.                     $logger->info('Register Action: you have entered a wrong verification code please enter the correct one, mobile num is '$user->getMobileNumber());
  202.                 }
  203.             } else {
  204.                 // captcha code is wrong
  205.                 $errorMessage $translator->trans('captcha code is wrong', array(''), 'validators');
  206.                 $form->addError(new FormError($errorMessage)); //this is how to add an error to Symfony form
  207.                 $logger->info('Register Action: you have entered a wrong captcha code, mobile num is '$user->getMobileNumber());
  208.                 $errorCaptcha $translator->trans('captcha code is wrong', array(''), 'validators');
  209.             }
  210.         }
  211.         $builder $this->createCaptcha($session);
  213.         return $this->render('security/register.html.twig', array(
  214.             'form'      => $form->createView(),
  215.             'locale'    => $locale,
  216.             'builder'   => $builder,
  217.             'errorCaptcha'   => $errorCaptcha,
  219.         ));
  220.     }
  222.     /**
  223.      *
  224.      * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
  225.      * @throws Unirest\Exception
  226.      */
  227.     #[Route('/forgotPassword'name'forgot_password'methods:["GET","POST"])]
  228.     #[Route('/getCaptchaForgot'name'get_captcha_forgot_ajax'methods:["GET","POST"])]
  229.     public function forgotPasswordAction(Request $requestLoggerInterface $loggerTranslatorInterface $translatorManagerRegistry $doctrine)
  230.     {
  231.         $session $request->getSession();
  233.         //for ajax request
  234.         if ($request->isXMLHttpRequest()) {
  235.             $builder      $this->createCaptcha($session);
  236.             return new JsonResponse(['builder' => $builder->inline()]);
  237.         }
  238.         if ($request->isMethod('post')) {
  239.             //if post, validate then send verification code
  240.             $postedData   $request->request->all();
  241.             $userCaptcha  $postedData['userCaptcha'];
  242.             $mobileNumber $postedData['mobileNumber'];
  244.             // if the mobile number starts 0 , remove it
  245.              if(substr($mobileNumber,0,1) == 0){
  246.                 $mobileNumber =  substr($mobileNumber,1);
  247.             }
  249.             if ($userCaptcha == $session->get('captchaPhrase')) {
  250.                 $em   $doctrine->getManager();
  251.                 $user $em->getRepository(Users::class)->findOneBy(['mobileNumber' => $mobileNumber]);
  252.                 if ($user) {
  253.                     $code rand(101998);
  254.                     $session->set('activationCode'$code);
  255.                     
  256.                     $message $translator->trans('to reset your password enter this code', array(), 'clients') . ': '$code.
  257.                         "\n" $translator->trans('your ID is', [], 'clients') . ': ' $user->getUsername();
  258.                     if ($this->sendSMSToUser($message$mobileNumber'forgot password code'$logger)) {
  259.                         $session->set('mobileNumber'$mobileNumber);
  260.                         return $this->redirectToRoute('reset_password');
  261.                     } else {
  262.                         // code did not sent to customer
  263.                         $session->getFlashBag()->add('info',
  264.                             $translator->trans('no code sent', array(), 'clients')
  265.                         );
  266.                         return $this->redirectToRoute('forgot_password');
  267.                     }
  268.                 } else {
  269.                     // no user registered with this mobile number
  270.                     $errorCode $translator->trans('no user registered by this mobile number', array(''), 'validators');
  271.                     $builder   $this->createCaptcha($session);
  272.                 }
  273.             } else {
  274.                 // captcha code is wrong
  275.                 $errorCode $translator->trans('you have enterd a wrong captcha code', array(''), 'validators');
  276.                 $builder   $this->createCaptcha($session);
  277.             }
  278.         } else {
  279.             $builder      $this->createCaptcha($session);
  280.             $errorCode    null;
  281.             $mobileNumber '';
  284.         }
  286.         return $this->render('security/forgot_password.html.twig', ['builder' => $builder'errorCode' => $errorCode'mobileNumber' => $mobileNumber]);
  287.     }
  289.     /**
  290.      * @param $mobileNumber
  291.      *
  292.      * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
  293.      */
  294.     #[Route('/resetPassword'name'reset_password'methods:["GET","POST"])]
  295.     public function resetPasswordAction(Request $requestUserPasswordHasherInterface $passwordEncoder
  296.             TranslatorInterface $translatorManagerRegistry $doctrine)
  297.     {
  298.         $session       $request->getSession();
  299.         $resetPassword = new ResetPassword();
  300.         $errorCode     '';
  301.         $mobileNumber$session->get('mobileNumber');
  303.         $form $this->createForm(ResetPasswordType::class, $resetPassword, ['capital' => false]);
  304.         $form->handleRequest($request);
  306.         if ($form->isSubmitted() && $form->isValid()) {
  307.             $em   $doctrine->getManager();
  308.             $user $em->getRepository(Users::class)->findOneBy(['mobileNumber' => $mobileNumber]);
  310.             if ($user) {
  311.                 $code $resetPassword->getSmsCode();
  313.                 if ($code == $session->get('activationCode')) {
  314.                     $newPassword    $resetPassword->getNewPassword();
  315.                     //$user           = $this->getUser();
  316.                     $hashedPassword $passwordEncoder->encodePassword($user$newPassword);
  317.                     $user->setPassword($hashedPassword);
  318.                     $em->flush($user);
  319.                     $session->getFlashBag()->add('success',
  320.                         $translator->trans('password changed successfully', array(), 'clients')
  321.                     );
  322.                     return $this->redirectToRoute('login');
  323.                 } else {
  324.                     // activation code is wrong
  325.                     $errorCode $translator->trans('you have entered a wrong activation code please enter the correct one', array(''), 'validators');
  326.                 }
  327.             } else {
  328.                 // no user registered by his mobile number
  329.                 $errorCode $translator->trans('no user registered by this mobile number', array(''), 'validators');
  330.                 $builder   $this->createCaptcha($session);
  331.             }
  332.         }
  334.         return $this->render('security/reset_password.html.twig', array(
  335.             'form'      => $form->createView(),
  336.             'errorCode' => $errorCode
  337.         ));
  338.     }
  340.     /**
  341.      * @param $passwordOrCode
  342.      * @param $mobileNumber
  343.      * @param $smsType
  344.      * @param null $username
  345.      *
  346.      * @return bool
  347.      * @throws Unirest\Exception
  348.      */
  349.     private function sendSMSToUser($message$mobileNumber$smsTypeLoggerInterface $logger)
  350.     {
  351.         if ( !preg_match('/^(?:0|966)*(5\d{8})$/'$mobileNumber$mobNumChunks) ) {
  352.             $logger->info"Unable to send $smsType SMS due to wrong mobile num :"$mobileNumber);
  353.             return false;
  354.         }
  356.         $mobileNumber '966'$mobNumChunks[1]; //add KSA country code
  357.         //send the code into an SMS
  358.         $smsHelper =   new  SMSHelper();
  359.         $sendStatus$smsHelper->sendSms$message $mobileNumber);
  361.         $logger->info(\Doctrine\Common\Util\Debug::dump($smsHelper->getRawResponse(), 2truefalse));
  363.         switch ($sendStatus){
  364.             case $smsHelper::STATUS['sms_seems_sent'];
  365.                 $logger->info"sending $smsType SMS to mobile num :"$mobileNumber" sent!");
  366.                 return true;
  367.             case $smsHelper::STATUS['sms_send_failed'];
  368.             case $smsHelper::STATUS['request_failed'];
  369.                 $logger->info"Failed sending $smsType SMS to mobile num :"$mobileNumber" due to this exception: "$smsHelper->getException());
  370.                 return false;
  371.         }
  372.         return null;
  373.             
  374.     }
  376.     /**
  377.      * @return CaptchaBuilder
  378.      */
  379.     private function createCaptcha($session)
  380.     {
  381.         // Will build phrases of 4 characters, only digits
  382.         $phraseBuilder = new PhraseBuilder(4'0123456789');
  383.         $builder       = new CaptchaBuilder(null$phraseBuilder);
  384.         $builder->build(11550);
  385.         $session->set('captchaPhrase'$builder->getPhrase());
  387.         return $builder;
  388.     }
  389. }