src/Controller/Main/SecurityController.php line 156

Open in your IDE?
  1. <?php
  3. namespace App\Controller\Main;
  5. use App\Entity\Main\User;
  6. use App\Events\Main\Registration\SecurityEvent;
  7. use App\EventSubscribers\Main\SecuritySubscriber;
  8. use App\Services\CartManager;
  9. use App\Form\Main\UserLoginType;
  10. use App\Services\ReferralProgramManager;
  11. use App\Services\Setup;
  12. use App\Twig\GoogleTagManagerExtension;
  13. use phpDocumentor\Reflection\Types\This;
  14. use Predis\Client;
  15. use Psr\Log\LoggerInterface;
  16. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  17. use Symfony\Component\EventDispatcher\EventDispatcherInterface;
  18. use Symfony\Component\HttpFoundation\RedirectResponse;
  19. use Symfony\Component\HttpFoundation\Request;
  20. use Symfony\Component\HttpFoundation\Response;
  21. use Symfony\Component\HttpFoundation\Session\Session;
  22. use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
  23. use Symfony\Component\Routing\Annotation\Route;
  24. use Symfony\Component\Routing\RouterInterface;
  25. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  26. use Symfony\Component\Security\Core\Exception\AuthenticationException;
  27. use Symfony\Component\Security\Core\Security;
  28. use Symfony\Component\Security\Http\Authentication\AuthenticationUtils;
  30. /**
  31.  * @Route(
  32.  *     condition="not (context.getHost() matches '%coaching_domain.host.regexp%')"
  33.  * )
  34.  */
  35. class SecurityController extends AbstractController
  36. {
  37.     use BrulafineControllerTrait;
  39.     const
  40.         TEMPLATE_NAME_BASE 'templateBase',
  41.         TEMPLATE_NAME_CART 'templateCart',
  42.         ROUTE_OVER 'over',
  43.         ROUTE_FAILED_PAYMENT 'failed-payment',
  44.         ROUTE_OFFER_PREUPSELL CartManager::OFFER_PREUPSELL,
  45.         ROUTE_OFFER_UPSELL CartManager::OFFER_UPSELL
  46.     ;
  48.     const
  49.         AUTOLOGIN_DESTINATION_ROUTES = [
  50.             "home" => 'brulafine_home',
  51.             "pack" => 'brulafine_show_packs',
  52.             "packs" => 'brulafine_show_packs',
  53.             "account" => 'brulafine_user_compte',
  54.             "order" => 'brulafine_user_commandes',
  55.             "orders" => 'brulafine_user_commandes',
  56.             "password" => 'user_change_password',
  57.             "cyrielle" => 'brulafine_temoignage_interactive',
  58.             "testimonies" => 'brulafine_temoignages_no_page',
  59.             "testimony" => 'brulafine_temoignages_no_page',
  60.             "contact" => "brulafine_contact",
  61.             "ingredients" => "brulafine_ingredients",
  62.             "ingredient" => "brulafine_ingredients",
  63.             "cgv" => "brulafine_cgv",
  64.             "avis" => 'brulafine_avis_no_page',
  65.             "video" => 'brulafine_temoignage_videos',
  66.             "videos" => 'brulafine_temoignage_videos',
  67.             self::ROUTE_OVER => 'brulafine_over',
  68.             self::ROUTE_FAILED_PAYMENT => 'brulafine_payment',
  69.             self::ROUTE_OFFER_PREUPSELL => 'brulafine_offers',
  70.             self::ROUTE_OFFER_UPSELL => 'brulafine_offers',
  71.         ];
  73.     const
  74.         DESTINATION_ROUTES_USER_REQUIRED = [
  75.             "account" => 'brulafine_user_compte',
  76.             "order" => 'brulafine_user_commandes',
  77.             "orders" => 'brulafine_user_commandes',
  78.             "password" => 'user_change_password',
  79.             self::ROUTE_OVER => 'brulafine_over',
  80.             self::ROUTE_FAILED_PAYMENT => 'brulafine_payment',
  81.             self::ROUTE_OFFER_PREUPSELL => 'brulafine_offers',
  82.             self::ROUTE_OFFER_UPSELL => 'brulafine_offers',
  83.         ];
  85.     public function __construct(private AuthenticationUtils $authenticationUtils)
  86.     {
  87.     }
  89.     /**
  90.      * @param Request $request
  91.      *
  92.      * @param ReferralProgramManager $referralProgramManager
  93.      * @return Response
  94.      */
  95.     public function loginAction(Request $requestReferralProgramManager $referralProgramManagerAuthorizationCheckerInterface $authorizationCheckerAuthenticationUtils $authenticationUtils)
  96.     {
  97.         /** @var $session \Symfony\Component\HttpFoundation\Session\Session */
  98.         $session $request->getSession();
  99.         $setup $this->getSetup();
  101.         if ($authorizationChecker->isGranted('ROLE_USER')) {
  102.             if ($referralProgramManager->isReferralProgramEnabled($setup->getUser(), $setup->getSite())) {
  103.                 return $this->redirectToRoute('brulafine_user_referral_program');
  104.             }
  106.             return $this->redirectToRoute('brulafine_user_compte');
  107.         }
  109.         // last username entered by the user
  110.         $lastUsername $authenticationUtils->getLastUsername();
  112.         $authErrorKey Security::AUTHENTICATION_ERROR;
  114.         // get the error if any (works with forward and redirect -- see below)
  115.         if ($request->attributes->has($authErrorKey)) {
  116.             $error $request->attributes->get($authErrorKey);
  117.         } elseif (null !== $session && $session->has($authErrorKey)) {
  118.             $error $session->get($authErrorKey);
  119.             $session->remove($authErrorKey);
  120.             $session->set(GoogleTagManagerExtension::GTM_SESSION_LOGIN_EVENT_KEY$error->getMessage());
  121.         } else {
  122.             $error null;
  123.         }
  125.         $form $this->createForm(UserLoginType::class, [
  126.             '_username' => $lastUsername,
  127.         ]);
  129.         return $this->render(
  130.             $this->getTemplatesDir() . '/Security/views/Login/login.html.twig',
  131.             array(
  132.                 'error'         => $error,
  133.                 'form' => $form->createView(),
  134.                 'tracking' => $setup->getTracking(),
  135.                 'site' => $setup->getSite(),
  136.             )
  137.         );
  138.     }
  141.     /**
  142.      * @param Request $request
  143.      * @param $templateName
  144.      * @return Response
  145.      */
  146.     public function loginPartialAction(Request $request$templateName null)
  147.     {
  148.         /** @var $session \Symfony\Component\HttpFoundation\Session\Session */
  149.         $session $request->getSession();
  151.         $authErrorKey Security::AUTHENTICATION_ERROR;
  153.         // get the error if any (works with forward and redirect -- see below)
  154.         if ($request->attributes->has($authErrorKey)) {
  155.             $error $request->attributes->get($authErrorKey);
  156.         } elseif (null !== $session && $session->has($authErrorKey)) {
  157.             $error $session->get($authErrorKey);
  158.             $session->remove($authErrorKey);
  159.             $session->set(GoogleTagManagerExtension::GTM_SESSION_LOGIN_EVENT_KEY$error->getMessage());
  160.         } else {
  161.             $error null;
  162.         }
  164.         if (!$error instanceof AuthenticationException) {
  165.             $error null// The value does not come from the security component.
  166.         }
  168.         // last username entered by the user
  169.         $lastUsername $this->authenticationUtils->getLastUsername();
  170.         $form $this->createForm(UserLoginType::class, [
  171.             '_username' => $lastUsername,
  172.         ]);
  174.         $setup $this->getSetup();
  176.         return $this->renderLoginPartial([
  177.             'error' => $error,
  178.             'tracking' => $setup->getTracking(),
  179.             'site' => $setup->getSite(),
  180.             'form' => $form->createView(),
  181.             'templateName' => $templateName
  182.         ]);
  183.     }
  185.     /**
  186.      * Renders the login template with the given parameters. Overwrite this function in
  187.      * an extended controller to provide additional data for the login template.
  188.      *
  189.      * @param array $data
  190.      *
  191.      * @return Response
  192.      */
  193.     protected function renderLoginPartial(array $data)
  194.     {
  195.         return $this->render($this->getTemplatesDir() . '/Security/views/Login/login_partial.html.twig'$data);
  196.     }
  198.     /**
  199.      * Renders the login template with the given parameters. Overwrite this function in
  200.      * an extended controller to provide additional data for the login template.
  201.      *
  202.      * @param array $data
  203.      *
  204.      * @return Response
  205.      */
  206.     protected function renderLogin(array $data)
  207.     {
  208.         return $this->render($this->getTemplatesDir() . '/Security/views/Login/login.html.twig'$data);
  209.     }
  211.     /**
  212.      * @Route(
  213.      *     "/security/token/login/{loginId}/{loginToken}/{dest}",
  214.      *     name="brulafine_token_login",
  215.      *     defaults={"dest": "home", "data"= 0},
  216.      *     requirements={
  217.      *         "dest": "home|pack|packs|account|order|orders|password|cyrielle|testimonies|testimony|contact|ingredients|ingredient|cgv|over|failed-payment|offer-preupsell|offer-upsell|video|videos",
  218.      *         "loginId": "[0-9a-zA-Z]+",
  219.      *         "loginToken": "[0-9a-zA-Z]+"
  220.      *     }
  221.      * )
  222.      * @param Request $request
  223.      * @param $loginId
  224.      * @param $loginToken
  225.      * @param $dest
  226.      * @param RouterInterface $router
  227.      * @param LoggerInterface $logger
  228.      * @param Session $session
  229.      * @return Response
  230.      */
  231.     public function tokenLoginAction(Request $request$loginId$loginToken$destRouterInterface $routerLoggerInterface $loggerSession $session$redisClientEventDispatcherInterface $eventDispatcher)
  232.     {
  233.         //https://brulafine8up.dev.wcc-bg.com/security/token/login/2ba805dbd290855491f49edebfbb8d047f1bed37/9f3d4b64d188883156e08642d37d60caa71eb878e889d/failed-payment
  234.         // already logged in users can't access this place
  235.         if ($this->getUser() instanceof User) {
  236.             $routeToRedirect self::AUTOLOGIN_DESTINATION_ROUTES[$dest];
  237.             if (self::ROUTE_OVER === $dest && $request->query->get('data'null)) {
  238.                 return $this->redirectToRoute(self::AUTOLOGIN_DESTINATION_ROUTES[$dest], ['shortId' => $request->query->get('data')]);
  239.             }
  241.             if (self::ROUTE_FAILED_PAYMENT == $dest) {
  242.                 $request->getSession()->set(CartManager::CHECK_FAILED_PURCHASE_KEYtrue);
  243.             }
  245.             if (in_array($dest, [self::ROUTE_OFFER_PREUPSELLself::ROUTE_OFFER_UPSELL])) {
  246.                 $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest], ['offer' => $dest]);
  247.                 return new RedirectResponse($routeToRedirect);
  248.             }
  250.             return $this->redirectToRoute($routeToRedirect);
  251.         }
  253.         $environment $this->getParameter("kernel.environment");
  254.         $redisKey ResettingController::AUTOLOGIN_ATTEMPTS_REDIS_KEY $request->getClientIp();
  256.         // prevent brut force attacks by limiting to 50 calls on this address by the same IP.
  257.         $redisClient->setex($redisKey3600, ((int) $redisClient->get($redisKey) + 1));
  259.         if ((int) $redisClient->get($redisKey) > 50 && 'test' != $environment) {
  260.             $logger->alert("Someone is trying to bruteforce the autologin url, IP {$request->getClientIp()}, number of tries so far : {$redisClient->get($redisKey)}");
  261.             $request->getSession()->set(GoogleTagManagerExtension::GTM_SESSION_LOGIN_EVENT_KEY"Too many autologin attempts");
  262.             throw new NotFoundHttpException();
  263.         }
  265.         $usersToLogin $this->getDoctrine()->getRepository(User::class)->getUserFromAutologinToken($loginToken);
  267.         if (!count($usersToLogin)) {
  268.             $request->getSession()->set(GoogleTagManagerExtension::GTM_SESSION_LOGIN_EVENT_KEY"autologin token invalid");
  269.             throw new NotFoundHttpException();
  270.         }
  272.         $userToLogin null;
  274.         foreach ($usersToLogin as $loopUser) {
  275.             if (!$loopUser instanceof User) {
  276.                 continue;
  277.             }
  279.             if ($loopUser->isValidAutoLoginToken($loginId$loginToken45)) {
  280.                 $userToLogin $loopUser;
  281.                 break;
  282.             }
  283.         }
  285.         if (!$userToLogin instanceof User) {
  286.             $request->getSession()->set(GoogleTagManagerExtension::GTM_SESSION_LOGIN_EVENT_KEY"autologin token invalid");
  287.             throw new NotFoundHttpException();
  288.         }
  290.         // check if the user is anonymized. If so he can't login.
  291.         if ($userToLogin->isAnonymized()) {
  292.             $userToLogin->eraseAutoLoginToken();
  293.             $this->getDoctrine()->flush();
  294.             throw new NotFoundHttpException();
  295.         }
  297.         // For Guest users we set the user to the session and don`t log them in.
  298.         if ($userToLogin->hasRole(User::ROLE_GUEST)) {
  299.             if (key_exists($destself::DESTINATION_ROUTES_USER_REQUIRED)) {
  300.                 $session->set(User::GUEST_USER_SESSION_KEY$userToLogin->getId());
  301.             }
  303.             if (self::ROUTE_OVER === $dest && $request->query->get('data'null)) {
  304.                 $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest], ['shortId' => $request->query->get('data')]);
  305.             } else {
  306.                 $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest]);
  307.             }
  309.             return new RedirectResponse($routeToRedirect);
  310.         }
  312.         $eventDispatcher->dispatch(
  313.             new SecurityEvent($userToLogin$request),
  314.             SecuritySubscriber::USER_LOGGED_IN
  315.         );
  317.         // 1. new special case, the route over requires the cart id.
  318.         // 2. new special case, we redirect to payment page users with failed purchases and allow them PayPal payment option with no limit.
  319.         if (self::ROUTE_OVER === $dest && $request->query->get('data'null)) {
  320.             $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest], ['shortId' => $request->query->get('data')]);
  321.         } elseif (self::ROUTE_FAILED_PAYMENT === $dest) {
  322.             $request->getSession()->set(CartManager::CHECK_FAILED_PURCHASE_KEYtrue);
  323.             $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest]);
  324.         } elseif (in_array($dest, [self::ROUTE_OFFER_PREUPSELLself::ROUTE_OFFER_UPSELL])) {
  325.             $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest], ['offer' => $dest]);
  326.         } else {
  327.             $routeToRedirect $router->generate(self::AUTOLOGIN_DESTINATION_ROUTES[$dest]);
  328.         }
  330.         return new RedirectResponse($routeToRedirect);
  331.     }
  332. }