src/Controller/Api/Auth.php line 562

Open in your IDE?
  1. <?php
  2. /**
  3.  * Created by PhpStorm.
  4.  * User: adria
  5.  * Date: 1/3/2019
  6.  * Time: 12:11 AM
  7.  */
  9. namespace App\Controller\Api;
  11. use App\Controller\Response;
  12. use App\Entity\ApiToken;
  13. use App\Entity\UserFcmTokens;
  14. use App\Entity\Users;
  15. use App\Entity\UserVerificationTokens;
  16. use App\Message\SendResetPasswordMessage;
  17. use App\Message\SendVerifyAccountMessage;
  18. use App\Helper\ConstantValues;
  19. use Doctrine\ORM\EntityManagerInterface;
  20. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  21. use Symfony\Component\HttpFoundation\JsonResponse;
  22. use Symfony\Component\HttpFoundation\Response as SymfonyResponse;
  23. use Symfony\Component\HttpFoundation\Request;
  24. use Symfony\Component\Messenger\MessageBusInterface;
  25. use Symfony\Component\Routing\Annotation\Route;
  26. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  27. use Symfony\Contracts\Translation\TranslatorInterface;
  28. use Psr\Log\LoggerInterface;
  30. use OpenApi\Attributes as OA;
  31. use Nelmio\ApiDocBundle\Annotation\Model;
  34. class Auth extends AbstractController
  35. {
  37.     use Response;
  38.     use \App\Controller\Request;
  40.     protected $translator;
  41.     protected $logger;
  43.     public function __construct(TranslatorInterface $translatorLoggerInterface $logger)
  44.     {
  45.         $this->translator $translator;
  46.         $this->logger $logger;
  47.     }
  49.     #[Route("/api/user/register"name"register_user"methods: ["POST"]),
  50.         OA\Tag(name"Access"),
  51.         OA\RequestBody(
  52.             content: new OA\JsonContent(
  53.                 properties: [
  54.                     new OA\Property(property"email"type"string"),
  55.                     new OA\Property(property"source"type"string"),
  56.                     new OA\Property(property"lang"type"string"),
  57.                     new OA\Property(property"tos_consent"type"integer"),
  58.                     new OA\Property(property"gdpr_consent"type"integer"),
  59.                     new OA\Property(property"firstname"type"string"),
  60.                     new OA\Property(property"lastname"type"string"),
  61.                     new OA\Property(property"mobile_phone"type"string"),
  62.                     new OA\Property(property"password"type"string")
  63.                 ]
  64.             )
  65.         ),
  66.         OA\Response(
  67.             response200,
  68.             description"successful register",
  69.             content: new OA\JsonContent(
  70.                 properties: [
  71.                     new OA\Property(property"user"
  72.                         ref: new Model(typeUsers::class))
  73.                 ]
  74.             )
  75.         )
  76.     ]
  77.     public function registerAction(
  78.         Request                     $request,
  79.         EntityManagerInterface      $em,
  80.         UserPasswordHasherInterface $passwordHasher,
  81.         MessageBusInterface         $bus
  82.     )
  83.     {
  84.         # get Request json
  85.         $content $request->getContent();
  86.         # parse JSON to Array
  87.         $data \json_decode($contenttrue);
  88.         $lang $this->getLangFromData($data);
  90.         if (!isset($data['email']) || !$this->isValidEmail($data['email'])) {
  91.             return $this->errorJsonResponse(['response' => $this->translator->trans('Invalid email address', [], 'messages'$lang)]);
  92.         }
  93.         # get doctrine repository : AppUsers
  94.         $repository $em->getRepository(Users::class);
  95.         # find if an user with this email exists
  96.         $user $repository->findOneBy(['emailAddress' => $data['email']]);
  98.         # add new user if the email is not used
  99.         if (!$user) {
  100.             if (empty($data['tos_consent']) || empty($data['gdpr_consent'])) {
  101.                 return $this->errorJsonResponse(
  102.                     [
  103.                         'response' => $this->translator->trans('Compliance not accepted', [], 'messages'$lang),
  104.                         'errors' => ['tos_consent''gdpr_consent']
  105.                     ],
  106.                     SymfonyResponse::HTTP_OK);
  107.             }
  109.             $user = new Users();
  110.             $user->setEmailAddress($data['email']);
  111.             $user->setUsername($data['email']);
  112.             $user->setFirstname(isset($data['firstname']) ? $data['firstname'] : "");
  113.             $user->setLastname(isset($data['lastname']) ? $data['lastname'] : "");
  114.             $user->setMobilePhone(isset($data['mobile_phone']) ? $data['mobile_phone'] : null);
  115.             $user->setFullname($user->getFirstname() . ' ' $user->getLastname());
  116.             $user->setRegisterSource(isset($data['source']) ? $data['source'] : 'app');
  117.             $user->setCreatedAt(new \DateTime());
  118.             $user->setUpdatedAt(new \DateTime());
  119.             $user->setLang($lang);
  120.             $user->setActive(true);
  121.             $user->setUnitMeasure(1);
  122.             $user->setRemoved(false);
  123.             $user->setUserPoints(0);
  124.             $user->setHealthyMinutes(0);
  125.             $user->setEmailVerified(false);
  126.             $user->setTosConsentAt(new \DateTime());
  127.             $user->setGdprConsentAt(new \DateTime());
  129.             $encoded $passwordHasher->hashPassword($user$data['password']);
  130.             $user->setPassword($encoded);
  132.             $em->persist($user);
  133.             $em->flush();
  134.             $em->refresh($user);
  136.             # send verification email
  137.             $verificationCode $em
  138.                 ->getRepository(UserVerificationTokens::class)
  139.                 ->generate($user->getId());
  141.             # preparing URLs
  142.             $verificationUrl rtrim($this->getParameter('application_web_url'), '/')
  143.                 .'/email_verification/'
  144.                 .$verificationCode->getToken();
  146.             $wasNotMeUrl $verificationUrl.'/was_not_me'.'?lang='.$lang;
  147.             $verificationUrl $verificationUrl.'?lang='.$lang;
  149.             # sending email
  150.             $bus->dispatch(
  151.                 (new SendVerifyAccountMessage)
  152.                 ->setBaseApiUrl($this->getParameter("application_api_url"))
  153.                 ->setFrom($this->getParameter('mailer_from_address'))
  154.                 ->setUser($user)
  155.                 ->setSubject($this->translator->trans('Email verification subject', [], 'messages'$lang))
  156.                 ->setView('emails/accountVerification' ucfirst($lang) . '.html.twig')
  157.                 ->setVerificationUrl($verificationUrl)
  158.                 ->setWasNotMeUrl($wasNotMeUrl)
  159.             );
  161.         } else {
  162.             return $this->errorJsonResponse(['response' => $this->translator->trans('Email used', [], 'messages'$lang)]);
  163.         }
  165.         return $this->jsonResponse(['user' => $repository->getUser($user->getId())]);
  166.     }
  169.     #[Route("/api/user/sign_in"name"sign_in"methods: ["POST"]),
  170.         OA\Tag(name"Access"),
  171.         OA\RequestBody(
  172.             content: new OA\JsonContent(
  173.                 properties: [
  174.                     new OA\Property(property"email"type"string"),
  175.                     new OA\Property(property"source"type"string"),
  176.                     new OA\Property(property"lang"type"string"),
  177.                     new OA\Property(property"tos_consent"type"integer"),
  178.                     new OA\Property(property"gdpr_consent"type"integer"),
  179.                     new OA\Property(property"firstname"type"string"),
  180.                     new OA\Property(property"lastname"type"string"),
  181.                     new OA\Property(property"mobile_phone"type"string"),
  182.                     new OA\Property(property"password"type"string")
  183.                 ]
  184.             )
  185.         ),
  186.         OA\Response(
  187.             response200,
  188.             description"successful login",
  189.             content: new OA\JsonContent(
  190.                 properties: [
  191.                     new OA\Property(
  192.                         property"api_token"
  193.                         type"object"
  194.                         properties: [
  195.                             new OA\Property(property"token"type"string"),
  196.                             new OA\Property(
  197.                                 property"expiresAt"type"datetime")
  198.                         ]
  199.                     ),
  200.                     new OA\Property(property"user"
  201.                         ref: new Model(typeUsers::class))
  202.                 ]
  203.             )
  204.         )
  205.     ]
  206.     public function signInAction(
  207.         Request $requestEntityManagerInterface $emUserPasswordHasherInterface $passwordHasher
  208.     )
  209.     {
  210.         # get Request json
  211.         $content $request->getContent();
  212.         # parse JSON to Array
  213.         $data \json_decode($contenttrue);
  214.         $lang $this->getLangFromData($data);
  216.         if (!isset($data['email']) || !$this->isValidEmail($data['email'])) {
  217.             return $this->errorJsonResponse(['response' => $this->translator->trans('Invalid email address', [], 'messages'$lang)]);
  218.         }
  219.         # get doctrine repository : AppUsers
  220.         $repository $em->getRepository(Users::class);
  221.         # find if an user with this email exists
  222.         $user $repository->findOneBy(['emailAddress' => $data['email']]);
  224.         # sign in with FACEBOOK OR GMAIL
  225.         if (isset($data['source']) && in_array($data['source'], ['facebook''gmail''apple'])) {
  226.             if (!$user) {
  227.                 if (empty($data['tos_consent']) || empty($data['gdpr_consent'])) {
  228.                     return $this->errorJsonResponse(
  229.                         [
  230.                             'response' => $this->translator->trans('Compliance not accepted', [], 'messages'$lang),
  231.                             'errors' => ['tos_consent''gdpr_consent']
  232.                         ],
  233.                         SymfonyResponse::HTTP_NOT_FOUND);
  234.                 }
  236.                 $user = new Users();
  237.                 $user->setEmailAddress($data['email']);
  238.                 $user->setUsername($data['email']);
  239.                 $user->setFirstname(isset($data['firstname']) ? $data['firstname'] : null);
  240.                 $user->setLastname(isset($data['lastname']) ? $data['lastname'] : null);
  241.                 $user->setMobilePhone(isset($data['mobile_phone']) ? $data['mobile_phone'] : null);
  242.                 $user->setFullname($user->getFirstname() . ' ' $user->getLastname());
  243.                 $user->setRegisterSource(isset($data['source']) ? $data['source'] : 'app');
  244.                 $user->setCreatedAt(new \DateTime());
  245.                 $user->setUpdatedAt(new \DateTime());
  246.                 $user->setLang($lang);
  247.                 $user->setActive(true);
  248.                 $user->setRemoved(false);
  249.                 $user->setRegisterSource($data['source']);
  250.                 $user->setUnitMeasure(1);
  251.                 $user->setUserPoints(0);
  252.                 $user->setHealthyMinutes(0);
  253.                 $user->setEmailVerified(true);
  254.                 $user->setTosConsentAt(new \DateTime());
  255.                 $user->setGdprConsentAt(new \DateTime());
  257.                 $encoded $passwordHasher->hashPassword($user, (isset($data['password']) ? $data['password'] : 1234));
  258.                 $user->setPassword($encoded);
  260.                 $em->persist($user);
  261.                 $em->flush();
  262.             }
  263.         } else {
  264.             if (!$user || !$passwordHasher->isPasswordValid($user$data['password'])) {
  265.                 return $this->errorJsonResponse(['response' => $this->translator->trans('Invalid credentials', [], 'messages'$lang)]);
  266.             }
  267.         }
  269.         $user->setLang($lang);
  271.         // not allow log-in of unverified addresses
  272.         if (!$user->getEmailVerified()) {
  273.             return $this->explicitErrorJsonResponse(
  274.                 ['response' => $this->translator->trans('Email verification error', [], 'messages'$lang)],
  275.                 SymfonyResponse::HTTP_OK,
  276.                 errors: [ConstantValues::ISSUE_EMAIL_NOT_VERIFIED],
  277.             );
  278.         }
  280.         // generate apiToken
  281.         $apiToken = new ApiToken(
  282.             $user,
  283.             new \DateTime(sprintf('+%d seconds'$this->getParameter('auth_token_expiration_seconds')))
  284.         );
  285.         $em->persist($apiToken);
  287.         $em->persist($user);
  288.         $em->flush();
  290.         # send status ok
  291.         return $this->jsonResponse([
  292.             'user' => $repository->getUser($user->getId()),
  293.             'api_token' => [
  294.                 'token' => $apiToken->getToken(),
  295.                 'expiresAt' => $apiToken->getExpiresAt(),
  296.             ],
  297.         ]);
  298.     }
  300.     /**
  301.      * @Route("/api/user/{id}/token", name="save_user_token", methods={"POST"})
  302.      */
  303.     #[Route("/api/user/{id}/token"
  304.             name"save_user_token"methods: ["POST"]),
  305.         OA\Tag(name"Access"),
  306.         OA\RequestBody(
  307.             content: new OA\JsonContent(
  308.                 properties: [
  309.                     new OA\Property(property"token"type"string"
  310.                         description"user token"),
  311.                 ]
  312.             )
  313.         )
  314.     ]
  315.     public function saveUserTokenAction($idRequest $requestEntityManagerInterface $em)
  316.     {
  317.         try {
  318.             $user $this->getUser(); // TOKEN
  319.             if (!$user or ! $user instanceof Users) {
  320.                 $type is_null($user) ? 'null' get_class($user);
  321.                 return $this->errorJsonResponse(['message' => "User not found or invalid ($type)"]);
  322.             }
  323.             # get Request json
  324.             $content $request->getContent();
  325.             # parse JSON to Array
  326.             $data \json_decode($contenttrue);
  327.             $lang $this->getLangFromData($data);
  329.             if (!isset($data['token']) || empty($data['token'])) {
  330.                 return $this->errorJsonResponse(['response' => $this->translator->trans('Token not found', [], 'messages'$lang)]);
  331.             }
  333.             # get doctrine repository : AppUsers
  334.             $repository $em->getRepository(UserFcmTokens::class);
  335.             # find if an user with this email exists
  336.             $token $repository->findOneBy([
  337.                 'token' => $data['token'],
  338.             ]);
  340.             $token_exists false;
  342.             if (!$token) {
  343.                 $token = new UserFcmTokens();
  344.                 $token->setUserId($user->getId());
  345.                 $token->setRemoved(false);
  346.                 $token->setToken($data['token']);
  347.             } else {
  348.                 $token->setUserId($user->getId());
  349.                 $token_exists true;
  350.             }
  352.             $em->persist($token);
  353.             $em->flush();
  355.         } catch (\Exception $exception) {
  356.             $this->logger->error(json_encode([
  357.                 'timestamp' => (new \DateTime())->format(\DateTime::ATOM),
  358.                 'endpoint' => sprintf('api/user/%d/token'$id),
  359.                 'error' => $exception->getMessage(),
  360.                 'data' => $data,
  361.                 'token_exists' => $token_exists
  362.         ]));
  363.     }
  365.         # send status ok regardless
  366.         return $this->jsonResponse([]);
  367.     }
  369.     #[Route("/api/user/{id}/update"name"update_user"methods: ["PUT"]),
  370.         OA\Tag(name"Access"),
  371.         OA\RequestBody(
  372.             content: new OA\JsonContent(
  373.                 properties: [
  374.                     new OA\Property(property"email"type"string"),
  375.                     new OA\Property(property"lang"type"string"),
  376.                     new OA\Property(property"tos_consent"type"integer"),
  377.                     new OA\Property(property"gdpr_consent"type"integer"),
  378.                     new OA\Property(property"firstname"type"string"),
  379.                     new OA\Property(property"lastname"type"string"),
  380.                     new OA\Property(property"mobile_phone"type"string"),
  381.                     new OA\Property(property"password"type"string"),
  382.                     new OA\Property(property"unit_measure"type"integer")
  383.                 ]
  384.             )
  385.         ),
  386.         OA\Response(
  387.             response200,
  388.             description"successful update",
  389.             content: new OA\JsonContent(
  390.                 properties: [
  391.                     new OA\Property(property"user"
  392.                         ref: new Model(typeUsers::class))
  393.                 ]
  394.             )
  395.         )
  396.     ]
  397.     public function updateUserAction(
  398.         $idRequest $requestEntityManagerInterface $emUserPasswordHasherInterface $passwordHasher
  399.     )
  400.     {
  401.         try {
  402.             $user $this->getUser(); // TOKEN
  403.             if (!$user or ! $user instanceof Users) {
  404.                 $type is_null($user) ? 'null' get_class($user);
  405.                 return $this->errorJsonResponse(['message' => "User not found or invalid ($type)"]);
  406.             }
  407.             # get Request json
  408.             $content $request->getContent();
  409.             # parse JSON to Array
  410.             $data \json_decode($contenttrue);
  411.             $lang $this->getLangFromData($data);
  413.             if (!isset($data['email']) || !$this->isValidEmail($data['email'])) {
  414.                 return $this->errorJsonResponse(['response' => $this->translator->trans('Invalid email address', [], 'messages'$lang)]);
  415.             }
  417.             # get doctrine repository : AppUsers
  418.             $repository $em->getRepository(Users::class);
  420.             if ($user) {
  421.                 if ($user->getEmailAddress() !== $data['email']) {
  422.                     # get doctrine repository : AppUsers
  423.                     $checkUser $em->createQueryBuilder()
  424.                         ->select('u')
  425.                         ->from(Users::class, 'u')
  426.                         ->where('u.id != :id AND u.emailAddress = :email')
  427.                         ->setParameter('id'$id)
  428.                         ->setParameter('email'$data['email'])
  429.                         ->getQuery()
  430.                         ->getResult();
  432.                     if ($checkUser) {
  433.                         return $this->errorJsonResponse(['response' => $this->translator->trans('Email used', [], 'messages'$lang)]);
  434.                     }
  435.                 }
  437.                 $user->setEmailAddress($data['email']);
  438.                 $user->setUsername($data['email']);
  439.                 $user->setFirstname(isset($data['firstname']) ? $data['firstname'] : $user->getFirstname());
  440.                 $user->setLastname(isset($data['lastname']) ? $data['lastname'] : $user->getLastname());
  441.                 $user->setMobilePhone(isset($data['mobile_phone']) ? $data['mobile_phone'] : $user->getMobilePhone());
  442.                 $user->setFullname($user->getFirstname() . ' ' $user->getLastname());
  443.                 $user->setLang($lang);
  444.                 $user->setUnitMeasure($data['unit_measure'] ?? 1);
  446.                 if (!empty($data['tos_consent'])) {
  447.                     $user->setTosConsentAt(new \DateTime());
  448.                 }
  449.     
  450.                 if (!empty($data['gdpr_consent'])) {
  451.                     $user->setGdprConsentAt(new \DateTime());
  452.                 }
  454.                 if (!empty($data['password'])) {
  455.                     $encoded $passwordHasher->hashPassword($user$data['password']);
  456.                     $user->setPassword($encoded);
  457.                 }
  459.                 $em->persist($user);
  460.                 $em->flush();
  462.                 # send status ok
  463.                 return $this->jsonResponse([
  464.                     'status' => 'OK',
  465.                     'user' => $repository->getUser($user->getId()),
  466.                 ]);
  467.             } else {
  468.                 return $this->errorJsonResponse(['response' => $this->translator->trans('User not found', [], 'messages'$lang)]);
  469.             }
  470.         } catch (\Exception $exception) {
  471.             return new JsonResponse([
  472.                 'status' => 'error',
  473.                 'message' => $exception->getMessage(),
  474.             ], 200);
  475.         }
  476.     }
  478.     #[Route("/api/user/reset_password"
  479.             name"reset_user_password"methods: ["POST"]),
  480.         OA\Tag(name"Access"),
  481.         OA\RequestBody(
  482.             content: new OA\JsonContent(
  483.                 properties: [
  484.                     new OA\Property(property"email_address"type"string"
  485.                         description"user email address"),
  486.                     new OA\Property(property"lang"type"string"
  487.                         description"language code")
  488.                 ]
  489.             )
  490.         )
  491.     ]
  492.     public function resetPasswordAction(
  493.         Request                     $request,
  494.         UserPasswordHasherInterface $passwordHasher,
  495.         EntityManagerInterface      $em,
  496.         MessageBusInterface         $bus
  497.     )
  498.     {
  499.         try {
  500.             # get Request json
  501.             $content $request->getContent();
  502.             # parse JSON to Array
  503.             $data \json_decode($contenttrue);
  504.             $lang $this->getLangFromData($data);
  506.             if (!isset($data['email']) || !$this->isValidEmail($data['email'])) {
  507.                 return $this->errorJsonResponse(['response' => $this->translator->trans('Invalid email address', [], 'messages'$lang)]);
  508.             }
  510.             # get doctrine repository : AppUsers
  511.             $repository $em->getRepository(Users::class);
  512.             # find if an user with this email exists
  513.             $user $repository->findOneBy([
  514.                 'emailAddress' => $data['email'],
  515.             ]);
  517.             if ($user) {
  518.                 $newPassword \bin2hex(\random_bytes(5));
  520.                 $encoded $passwordHasher->hashPassword($user$newPassword);
  521.                 $user->setPassword($encoded);
  523.                 $em->persist($user);
  524.                 $em->flush();
  526.                 $bus->dispatch(
  527.                     (new SendResetPasswordMessage)
  528.                     ->setBaseApiUrl($this->getParameter("application_api_url"))
  529.                     ->setFrom($this->getParameter('mailer_from_address'))
  530.                     ->setUser($user)
  531.                     ->setSubject($this->translator->trans('Reset password', [], 'messages'$lang))
  532.                     ->setView('emails/resetPassword' ucfirst($lang) . '.html.twig')
  533.                     ->setPassword($newPassword)
  534.                 );
  535.             } else {
  536.                 return $this->errorJsonResponse(['response' => $this->translator->trans('User not found', [], 'messages'$lang)]);
  537.             }
  539.             # send status ok
  540.             return $this->jsonResponse([]);
  541.         } catch (\Exception $exception) {
  542.             return new JsonResponse([
  543.                 'status' => 'error',
  544.                 'message' => $exception->getMessage(),
  545.             ], 200);
  546.         }
  547.     }
  549.     #[Route("/api/user/{id}"name"get_user_details"methods: ["GET"]),
  550.         OA\Tag(name"Access"),
  551.         OA\Response(
  552.             response200,
  553.             description"successful fetch",
  554.             content: new OA\JsonContent(
  555.                 properties: [
  556.                     new OA\Property(property"user"
  557.                         ref: new Model(typeUsers::class))
  558.                 ]
  559.             )
  560.         )
  561.     ]
  562.     public function getUserAction($idEntityManagerInterface $em)
  563.     {
  564.         $user $this->getUser(); // TOKEN
  565.         if (!$user or ! $user instanceof Users) {
  566.             $type is_null($user) ? 'null' get_class($user);
  567.             return $this->errorJsonResponse(['message' => "User not found or invalid ($type)"]);
  568.         }
  569.         # get doctrine repository : AppUsers
  570.         $repository $em->getRepository(Users::class);
  572.         # send status ok
  573.         return $this->jsonResponse(['user' => $repository->getUser($user->getId())]);
  574.     }
  576. }