custom/plugins/NextagLogin/src/Controller/AuthController.php line 122

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace Nextag\Login\Controller;
  7. use Shopware\Core\Checkout\Customer\CustomerEntity;
  8. use Shopware\Storefront\Controller\StorefrontController;
  9. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByHashException;
  11. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  12. use Shopware\Core\Checkout\Customer\Exception\CustomerRecoveryHashExpiredException;
  13. use Shopware\Core\Checkout\Customer\Exception\InactiveCustomerException;
  14. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLoginRoute;
  15. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  16. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractResetPasswordRoute;
  17. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractSendPasswordRecoveryMailRoute;
  18. use Shopware\Core\Content\Category\Exception\CategoryNotFoundException;
  19. use Shopware\Core\Framework\Context;
  20. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  21. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  22. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  23. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  24. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  25. use Shopware\Core\Framework\Routing\Exception\MissingRequestParameterException;
  26. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  27. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  28. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  29. use Shopware\Core\System\SystemConfig\SystemConfigService;
  30. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  31. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoader;
  32. use Symfony\Component\HttpFoundation\Cookie;
  33. use Symfony\Component\HttpFoundation\Request;
  34. use Symfony\Component\HttpFoundation\Response;
  35. use Symfony\Component\HttpFoundation\JsonResponse;
  36. use Symfony\Component\HttpFoundation\RedirectResponse;
  37. use Shopware\Core\Checkout\Cart\SalesChannel\CartService;
  38. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  39. use Symfony\Component\Routing\Annotation\Route;
  40. use Symfony\Component\HttpFoundation\Session\Session;
  42. /**
  43.  * @RouteScope(scopes={"storefront"})
  44.  */
  45. class AuthController extends StorefrontController
  46. {
  48.     /**
  49.      * @var EntityRepositoryInterface
  50.      */
  51.     private $customerRepository;
  53.     /**
  54.      * @var AccountLoginPageLoader
  55.      */
  56.     private $loginPageLoader;
  58.     /**
  59.      * @var EntityRepositoryInterface
  60.      */
  61.     private $customerRecoveryRepository;
  63.     /**
  64.      * @var AbstractSendPasswordRecoveryMailRoute
  65.      */
  66.     private $sendPasswordRecoveryMailRoute;
  68.     /**
  69.      * @var AbstractResetPasswordRoute
  70.      */
  71.     private $resetPasswordRoute;
  73.     /**
  74.      * @var AbstractLoginRoute
  75.      */
  76.     private $loginRoute;
  78.     /**
  79.      * @var AbstractLogoutRoute
  80.      */
  81.     private $logoutRoute;
  83.     
  84.     /**
  85.      * @var SystemConfigService
  86.      */
  87.     private $systemConfig;
  89.     private $cartService;
  90.     private $session;
  91.     private $log;
  93.     public function __construct(
  94.         AccountLoginPageLoader $loginPageLoader,
  95.         EntityRepositoryInterface $customerRecoveryRepository,
  96.         AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute,
  97.         AbstractResetPasswordRoute $resetPasswordRoute,
  98.         AbstractLoginRoute $loginRoute,
  99.         SystemConfigService $systemConfig,
  100.         AbstractLogoutRoute $logoutRoute,
  101.         CartService $cartService,
  102.         EntityRepositoryInterface $customerRepository,
  103.         Session $session,
  104.         \Nextag\Login\Helper\Log $log
  105.     ) {
  106.         $this->loginPageLoader $loginPageLoader;
  107.         $this->customerRecoveryRepository $customerRecoveryRepository;
  108.         $this->sendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute;
  109.         $this->resetPasswordRoute $resetPasswordRoute;
  110.         $this->loginRoute $loginRoute;
  111.         $this->logoutRoute $logoutRoute;
  112.         $this->systemConfig $systemConfig;
  113.         $this->cartService $cartService;
  114.         $this->customerRepository $customerRepository;
  115.         $this->session $session;
  116.         $this->log $log;
  117.     }
  119.     /**
  120.      * @Route("/account/login", name="frontend.account.login.page", methods={"GET"})
  121.      */
  122.     public function loginPage(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  123.     {
  124.         /** @var string $redirect */
  125.         $redirect $request->get('redirectTo''frontend.account.home.page');
  127.         // if ($context->getCustomer() && $context->getCustomer()->getGuest() == false) {
  128.         //     return $this->createActionResponse($request);
  129.         // }
  131.         $page $this->loginPageLoader->load($request$context);
  133.         return $this->renderStorefront('@Storefront/storefront/page/account/register/index.html.twig', [
  134.             'redirectTo' => $redirect,
  135.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  136.             'page' => $page,
  137.             'loginError' => (bool) $request->get('loginError'),
  138.             'errorSnippet' => $request->get('errorSnippet'),
  139.             'data' => $data,
  140.         ]);
  141.     }
  143.     /**
  144.      * @Route("/account/logout", name="frontend.account.logout.page", methods={"GET"})
  145.      */
  146.     public function logout(Request $requestSalesChannelContext $contextRequestDataBag $dataBag): Response
  147.     {
  148.         if ($context->getCustomer() === null) {
  149.             return $this->redirectToRoute('frontend.account.login.page');
  150.         }
  151.         $this->session->set("pos""");
  153.         try {
  154.             $this->logoutRoute->logout($context$dataBag);
  155.             $this->addFlash(self::SUCCESS$this->trans('account.logoutSucceeded'));
  157.             $parameters = [];
  158.         } catch (ConstraintViolationException $formViolations) {
  159.             $parameters = ['formViolations' => $formViolations];
  160.         }
  162.         return $this->redirectToRoute('frontend.account.login.page'$parameters);
  163.     }
  166.     /**
  167.      * @Route("/account/login", name="frontend.account.login", methods={"POST"}, defaults={"XmlHttpRequest"=true})
  168.      */
  169.     public function login(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  170.     {
  171.         if ($context->getCustomer() && $context->getCustomer()->getGuest() == false) {
  172.             return $this->createActionResponse($request);
  173.         }
  174.         $errorSnippet null;
  175.         // try {
  176.         //     $token = $this->loginRoute->login($data, $context)->getToken();
  177.         //     if (!empty($token)) {
  178.         //         $this->addCartErrors($this->cartService->getCart($token, $context));
  180.         //         return $this->createActionResponse($request);
  181.         //     }
  182.         // } catch (BadCredentialsException | UnauthorizedHttpException | InactiveCustomerException $e) {
  183.         //     if ($e instanceof InactiveCustomerException) {
  184.         //         $errorSnippet = $e->getSnippetKey();
  185.         //     }
  186.         // }
  188.         // $data->set('password', null);
  190.         // return $this->forwardToRoute(
  191.         //     'frontend.account.login.page',
  192.         //     [
  193.         //         'loginError' => true,
  194.         //         'errorSnippet' => $errorSnippet ?? null,
  195.         //     ]
  196.         // );
  198.         try {
  199.             // if ($data->get("password") == "test1234" && $request->get("sw-sales-channel-absolute-base-url") != "https://martel.dev5") {
  200.             //     throw new BadCredentialsException();
  201.             // }
  202.             $email $data->get('email'$data->get('username'));
  203.             $password $data->get('password');
  204.             $token $this->loginRoute->login($data$context)->getToken();
  205.            
  206.             if (!empty($token)) {              
  207.                 $this->log->info("Login von: " $email ." erfolgreich. Token: " $tokenfalse);
  208.                 $this->addCartErrors($this->cartService->getCart($token$context));
  210.                 $loginReferer $data->get("loginReferer");
  211.                 if ($loginReferer && $loginReferer != "") {
  212.                     if (strpos($loginReferer"/account/login")) {
  213.                         $loginReferer explode("/account/login"$loginReferer)[0];
  214.                     }
  215.                     if (strpos($loginReferer"/account/recover/password")) {
  216.                         return $this->redirectToRoute('frontend.account.login.page');
  217.                     }
  218.                     $timestamp date('YmdGis');
  219.                     if (strpos($loginReferer"?")) {
  220.                         $response = new RedirectResponse($loginReferer "&cache=" $timestamp302);
  221.                     } else {
  222.                         $response = new RedirectResponse($loginReferer "?cache=" $timestamp302);
  223.                     }
  224.                     return $response;
  225.                     //return $this->createActionResponse($request);
  226.                 } else {
  227.                     return $this->createActionResponse($request);
  228.                 }
  229.             }
  230.         } catch (BadCredentialsException UnauthorizedHttpException InactiveCustomerException $e) {
  231.             //if ($e instanceof InactiveCustomerException) {
  232.             //    $errorSnippet = $e->getSnippetKey();
  233.             //}
  234.             $this->log->info("Login von: " $email " fehlgeschlagen mit Fehlermeldung: " $e->getMessage(), false);
  235.         }
  237.         $data->set('password'null);
  239.         if ($errorSnippet == null) {
  240.             $this->log->info("Login von: " $email ." fehlgeschlagen"false);
  241.         } else {
  242.             $this->log->info("Login von: " $email " fehlgeschlagen: " json_encode($errorSnippet), false);
  243.         }
  245.         return $this->forwardToRoute(
  246.             'frontend.account.login.page',
  247.             [
  248.                 'loginError' => true,
  249.                 'errorSnippet' => $errorSnippet ?? null,
  250.             ]
  251.         );
  252.     }
  254.     /**
  255.      * @Route("/account/recover", name="frontend.account.recover.page", methods={"GET"})
  256.      *
  257.      * @throws CategoryNotFoundException
  258.      * @throws InconsistentCriteriaIdsException
  259.      * @throws MissingRequestParameterException
  260.      */
  261.     public function recoverAccountForm(Request $requestSalesChannelContext $context): Response
  262.     {
  263.         $page $this->loginPageLoader->load($request$context);
  265.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/recover-password.html.twig', [
  266.             'page' => $page,
  267.         ]);
  268.     }
  270.     /**
  271.      * @Route("/account/emailexists", name="frontend.account.emailexists", methods={"GET"})
  272.      *
  273.      */
  274.     public function checkEmail(Request $requestSalesChannelContext $context): JsonResponse
  275.     {
  276.         $email $request->query->get("email");
  277.         
  278.         $criteria = new Criteria();
  279.         $criteria->addFilter(new EqualsFilter("guest",false));
  280.         $criteria->addFilter(new EqualsFilter("email",$email));
  281.         $customer $this->customerRepository->search($criteria,$context->getContext())->first();
  282.         if ($customer) {
  283.             $response = new JsonResponse(
  284.                 [                
  285.                  'result' => true
  286.                  'email' => $email
  287.                 ],
  288.                 200
  289.             );
  290.         } else {
  291.             $response = new JsonResponse(
  292.                 [                
  293.                  'result' => false,
  294.                 'email' => ''
  295.                 ],
  296.                 200
  297.             );
  298.         }
  299.       
  300.         return $response;
  301.     }
  303.     /**
  304.      * @param string $loginName
  305.      * @param Context $context
  306.      * @return string
  307.      * @throws CustomerNotFoundException
  308.      * @throws \Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException
  309.      */
  310.     private function getCustomerByLoginNameRecovery(string $loginNameSalesChannelContext $context)
  311.     {
  312.         $customField =  $this->systemConfig->get("NextagLogin.config.customField");
  313.         $customer null;
  314.         if ($customField != null && $customField != "") {
  315.             $criteria = new Criteria();
  316.             $criteria->addFilter(new EqualsFilter('guest'0));
  317.             $criteria->addFilter(new EqualsFilter('customFields.' $customField$loginName));
  318.             $criteria->setLimit(1);
  320.             /** @var CustomerEntity $customer */
  321.             $customer $this->customerRepository->search($criteria$context->getContext())->first();
  322.         }
  323.         if (!$customer || !$customer->getEmail()) {
  324.             $criteria = new Criteria();
  325.             $criteria->addFilter(new EqualsFilter('guest'0));
  326.             $criteria->addFilter(new EqualsFilter('email'$loginName));
  327.             $criteria->setLimit(1);
  329.             /** @var CustomerEntity $customer */
  330.             $customer $this->customerRepository->search($criteria$context->getContext())->first();
  331.             if ($customer) {
  332.                 try {
  333.                     if ($customer->getCustomFields() == null) {
  334.                         return $customer;
  335.                     }
  336.                     if ($customer->getCustomFields() && !isset($customer->getCustomFields()[$customField]) || $customer->getCustomFields() && $customer->getCustomFields()[$customField] == $loginName) {
  337.                         return $customer;
  338.                     } else {
  339.                        return null;
  340.                     }
  341.                 } catch (\Exception $exception) {
  342.                     return $customer;
  343.                 }
  344.             } else {
  345.                return null;
  346.             }
  347.         }
  348.         return $customer;
  349.     }
  351.     /**
  352.      * @Route("/account/recover", name="frontend.account.recover.request", methods={"POST"})
  353.      */
  354.     public function generateAccountRecovery(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  355.     {
  356.         try {
  357.             $accountID $data->get('email')->get("email");
  358.             $customer $this->getCustomerByLoginNameRecovery($accountID$context);
  359.             if ($customer) {
  360.                 $data->get('email')->set("customerId"$customer->get("id"));
  361.                 $data->get('email')->set("email"$customer->get("email"));
  362.                 $data->get('email')->set("accountId"$accountID);
  363.                 $data->get('email')
  364.                     ->set('storefrontUrl'$request->attributes->get(RequestTransformer::STOREFRONT_URL));
  366.                 $this->sendPasswordRecoveryMailRoute->sendRecoveryMail(
  367.                     $data->get('email')->toRequestDataBag(),
  368.                     $context,
  369.                     false
  370.                 );
  371.                 $email $data->get('email')->get('email');
  372.             }
  373.             $this->addFlash('success'$this->trans('account.recoveryMailSend'));
  374.         } catch (CustomerNotFoundException $e) {
  375.             $this->addFlash('success'"");
  376.         } catch (InconsistentCriteriaIdsException $e) {
  377.             $this->addFlash('danger'$this->trans('error.message-default'));
  378.         }
  380.         return $this->redirectToRoute('frontend.account.recover.page');
  381.     }
  383.     /**
  384.      * @Route("/account/recover/password", name="frontend.account.recover.password.page", methods={"GET"})
  385.      *
  386.      * @throws CategoryNotFoundException
  387.      * @throws InconsistentCriteriaIdsException
  388.      * @throws MissingRequestParameterException
  389.      */
  390.     public function resetPasswordForm(Request $requestSalesChannelContext $context): Response
  391.     {
  392.         $page $this->loginPageLoader->load($request$context);
  393.         $hash $request->get('hash');
  395.         if (!$hash) {
  396.             $this->addFlash('danger'$this->trans('account.passwordHashNotFound'));
  397.             return $this->redirectToRoute('frontend.account.recover.request');
  398.         }
  400.         $customerHashCriteria = new Criteria();
  401.         $customerHashCriteria->addFilter(new EqualsFilter('hash'$hash));
  403.         $customerRecovery $this->customerRecoveryRepository
  404.             ->search($customerHashCriteria$context->getContext())
  405.             ->first();
  407.         if ($customerRecovery === null) {
  408.             $this->addFlash('danger'$this->trans('account.passwordHashNotFound'));
  410.             return $this->redirectToRoute('frontend.account.recover.request');
  411.         }
  413.         if (!$this->checkHash($hash$context->getContext())) {
  414.             $this->addFlash('danger'$this->trans('account.passwordHashExpired'));
  416.             return $this->redirectToRoute('frontend.account.recover.request');
  417.         }
  419.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  420.             'page' => $page,
  421.             'hash' => $hash,
  422.             'formViolations' => $request->get('formViolations'),
  423.         ]);
  424.     }
  426.     /**
  427.      * @Route("/account/recover/password", name="frontend.account.recover.password.reset", methods={"POST"})
  428.      *
  429.      * @throws InconsistentCriteriaIdsException
  430.      */
  431.     public function resetPassword(RequestDataBag $dataSalesChannelContext $context): Response
  432.     {
  433.         $hash $data->get('password')->get('hash');
  434.         try {
  435.             $pw $data->get('password');
  436.             $email "unbekannt";
  437.            
  438.             $customerHashCriteria = new Criteria();
  439.             $customerHashCriteria->addFilter(new EqualsFilter('hash'$hash));
  440.             $customerHashCriteria->addAssociation('customer');
  441.             $customerRecovery $this->customerRecoveryRepository->search($customerHashCriteria$context->getContext())->first();
  442.             if ($customerRecovery) {
  443.                 $customer $customerRecovery->getCustomer();
  444.                 if ($customer) {
  445.                     $email $customer->getEmail();
  446.                 }
  447.             }
  449.             $this->resetPasswordRoute->resetPassword($pw->toRequestDataBag(), $context);
  450.             $this->addFlash('success'$this->trans('account.passwordChangeSuccess'));
  452.             $this->log->info("Passwort reset für: " $email " erfolgreich"false);
  453.         } catch (ConstraintViolationException $formViolations) {
  454.             $this->log->info("Passwort reset für: " $email " nicht erfolgreich (ConstraintViolationException)"false);
  455.             $this->addFlash('danger'$this->trans('account.passwordChangeNoSuccess'));
  456.             return $this->forwardToRoute(
  457.                 'frontend.account.recover.password.page',
  458.                 ['hash' => $hash'formViolations' => $formViolations'passwordFormViolation' => true]
  459.             );
  460.         } catch (CustomerNotFoundByHashException $e) {
  461.             $this->log->info("Passwort reset für: " $email " nicht erfolgreich (CustomerNotFoundByHashException)"false);
  462.             $this->addFlash('danger'$this->trans('account.passwordChangeNoSuccess'));
  463.             return $this->forwardToRoute('frontend.account.recover.request');
  464.         } catch (CustomerRecoveryHashExpiredException $e) {
  465.             $this->log->info("Passwort reset für: " $email " nicht erfolgreich (CustomerRecoveryHashExpiredException)"false);
  466.             $this->addFlash('danger'$this->trans('account.passwordHashExpired'));
  467.             return $this->forwardToRoute('frontend.account.recover.request');
  468.         }
  470.         return $this->redirectToRoute('frontend.account.login.page');
  471.     }
  473.     private function checkHash(string $hashContext $context): bool
  474.     {
  475.         $criteria = new Criteria();
  476.         $criteria->addFilter(new EqualsFilter('hash'$hash));
  478.         $recovery $this->customerRecoveryRepository->search($criteria$context)->first();
  480.         $validDateTime = (new \DateTime())->sub(new \DateInterval('PT2H'));
  482.         return $recovery && $validDateTime $recovery->getCreatedAt();
  483.     }
  484. }