vendor/shopware/storefront/Controller/AuthController.php line 81

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Controller;
  5. use Shopware\Core\Checkout\Cart\SalesChannel\CartService;
  6. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  7. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  8. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByHashException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  10. use Shopware\Core\Checkout\Customer\Exception\CustomerRecoveryHashExpiredException;
  11. use Shopware\Core\Checkout\Customer\Exception\InactiveCustomerException;
  12. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLoginRoute;
  13. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  14. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractResetPasswordRoute;
  15. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractSendPasswordRecoveryMailRoute;
  16. use Shopware\Core\Content\Category\Exception\CategoryNotFoundException;
  17. use Shopware\Core\Framework\Context;
  18. use Shopware\Core\Framework\DataAbstractionLayer\EntityRepositoryInterface;
  19. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  20. use Shopware\Core\Framework\DataAbstractionLayer\Search\Criteria;
  21. use Shopware\Core\Framework\DataAbstractionLayer\Search\Filter\EqualsFilter;
  22. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  23. use Shopware\Core\Framework\Routing\Annotation\RouteScope;
  24. use Shopware\Core\Framework\Routing\Annotation\Since;
  25. use Shopware\Core\Framework\Routing\Exception\MissingRequestParameterException;
  26. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  27. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  28. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  29. use Shopware\Storefront\Framework\Routing\Annotation\NoStore;
  30. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  31. use Shopware\Storefront\Page\Account\Login\AccountGuestLoginPageLoadedHook;
  32. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoadedHook;
  33. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoader;
  34. use Symfony\Component\HttpFoundation\Request;
  35. use Symfony\Component\HttpFoundation\Response;
  36. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  37. use Symfony\Component\Routing\Annotation\Route;
  39. /**
  40.  * @RouteScope(scopes={"storefront"})
  41.  */
  42. class AuthController extends StorefrontController
  43. {
  44.     private AccountLoginPageLoader $loginPageLoader;
  46.     private EntityRepositoryInterface $customerRecoveryRepository;
  48.     private AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute;
  50.     private AbstractResetPasswordRoute $resetPasswordRoute;
  52.     private AbstractLoginRoute $loginRoute;
  54.     private AbstractLogoutRoute $logoutRoute;
  56.     private CartService $cartService;
  58.     public function __construct(
  59.         AccountLoginPageLoader $loginPageLoader,
  60.         EntityRepositoryInterface $customerRecoveryRepository,
  61.         AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute,
  62.         AbstractResetPasswordRoute $resetPasswordRoute,
  63.         AbstractLoginRoute $loginRoute,
  64.         AbstractLogoutRoute $logoutRoute,
  65.         CartService $cartService
  66.     ) {
  67.         $this->loginPageLoader $loginPageLoader;
  68.         $this->customerRecoveryRepository $customerRecoveryRepository;
  69.         $this->sendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute;
  70.         $this->resetPasswordRoute $resetPasswordRoute;
  71.         $this->loginRoute $loginRoute;
  72.         $this->logoutRoute $logoutRoute;
  73.         $this->cartService $cartService;
  74.     }
  76.     /**
  77.      * @Since("6.0.0.0")
  78.      * @Route("/account/login", name="frontend.account.login.page", methods={"GET"})
  79.      * @NoStore
  80.      */
  81.     public function loginPage(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  82.     {
  83.         /** @var string $redirect */
  84.         $redirect $request->get('redirectTo''frontend.account.home.page');
  86.         $customer $context->getCustomer();
  88.         if ($customer !== null && $customer->getGuest() === false) {
  89.             $request->request->set('redirectTo'$redirect);
  91.             return $this->createActionResponse($request);
  92.         }
  94.         $page $this->loginPageLoader->load($request$context);
  96.         $this->hook(new AccountLoginPageLoadedHook($page$context));
  98.         return $this->renderStorefront('@Storefront/storefront/page/account/register/index.html.twig', [
  99.             'redirectTo' => $redirect,
  100.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  101.             'page' => $page,
  102.             'loginError' => (bool) $request->get('loginError'),
  103.             'waitTime' => $request->get('waitTime'),
  104.             'errorSnippet' => $request->get('errorSnippet'),
  105.             'data' => $data,
  106.         ]);
  107.     }
  109.     /**
  110.      * @Since("6.3.4.1")
  111.      * @Route("/account/guest/login", name="frontend.account.guest.login.page", methods={"GET"})
  112.      * @NoStore
  113.      */
  114.     public function guestLoginPage(Request $requestSalesChannelContext $context): Response
  115.     {
  116.         /** @var string $redirect */
  117.         $redirect $request->get('redirectTo''frontend.account.home.page');
  119.         $customer $context->getCustomer();
  121.         if ($customer !== null) {
  122.             $request->request->set('redirectTo'$redirect);
  124.             return $this->createActionResponse($request);
  125.         }
  127.         $waitTime = (int) $request->get('waitTime');
  128.         if ($waitTime) {
  129.             $this->addFlash(self::INFO$this->trans('account.loginThrottled', ['%seconds%' => $waitTime]));
  130.         }
  132.         if ((bool) $request->get('loginError')) {
  133.             $this->addFlash(self::DANGER$this->trans('account.orderGuestLoginWrongCredentials'));
  134.         }
  136.         $page $this->loginPageLoader->load($request$context);
  138.         $this->hook(new AccountGuestLoginPageLoadedHook($page$context));
  140.         return $this->renderStorefront('@Storefront/storefront/page/account/guest-auth.html.twig', [
  141.             'redirectTo' => $redirect,
  142.             'redirectParameters' => $request->get('redirectParameters'json_encode([])),
  143.             'page' => $page,
  144.         ]);
  145.     }
  147.     /**
  148.      * @Since("6.0.0.0")
  149.      * @Route("/account/logout", name="frontend.account.logout.page", methods={"GET"})
  150.      */
  151.     public function logout(Request $requestSalesChannelContext $contextRequestDataBag $dataBag): Response
  152.     {
  153.         if ($context->getCustomer() === null) {
  154.             return $this->redirectToRoute('frontend.account.login.page');
  155.         }
  157.         try {
  158.             $this->logoutRoute->logout($context$dataBag);
  159.             $this->addFlash(self::SUCCESS$this->trans('account.logoutSucceeded'));
  161.             $parameters = [];
  162.         } catch (ConstraintViolationException $formViolations) {
  163.             $parameters = ['formViolations' => $formViolations];
  164.         }
  166.         return $this->redirectToRoute('frontend.account.login.page'$parameters);
  167.     }
  169.     /**
  170.      * @Since("6.0.0.0")
  171.      * @Route("/account/login", name="frontend.account.login", methods={"POST"}, defaults={"XmlHttpRequest"=true})
  172.      */
  173.     public function login(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  174.     {
  175.         $customer $context->getCustomer();
  177.         if ($customer !== null && $customer->getGuest() === false) {
  178.             return $this->createActionResponse($request);
  179.         }
  181.         try {
  182.             $token $this->loginRoute->login($data$context)->getToken();
  183.             if (!empty($token)) {
  184.                 $this->addCartErrors($this->cartService->getCart($token$context));
  186.                 return $this->createActionResponse($request);
  187.             }
  188.         } catch (BadCredentialsException UnauthorizedHttpException InactiveCustomerException CustomerAuthThrottledException $e) {
  189.             if ($e instanceof InactiveCustomerException) {
  190.                 $errorSnippet $e->getSnippetKey();
  191.             }
  193.             if ($e instanceof CustomerAuthThrottledException) {
  194.                 $waitTime $e->getWaitTime();
  195.             }
  196.         }
  198.         $data->set('password'null);
  200.         return $this->forwardToRoute(
  201.             'frontend.account.login.page',
  202.             [
  203.                 'loginError' => true,
  204.                 'errorSnippet' => $errorSnippet ?? null,
  205.                 'waitTime' => $waitTime ?? null,
  206.             ]
  207.         );
  208.     }
  210.     /**
  211.      * @Since("6.1.0.0")
  212.      * @Route("/account/recover", name="frontend.account.recover.page", methods={"GET"})
  213.      *
  214.      * @throws CategoryNotFoundException
  215.      * @throws InconsistentCriteriaIdsException
  216.      * @throws MissingRequestParameterException
  217.      */
  218.     public function recoverAccountForm(Request $requestSalesChannelContext $context): Response
  219.     {
  220.         $page $this->loginPageLoader->load($request$context);
  222.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/recover-password.html.twig', [
  223.             'page' => $page,
  224.         ]);
  225.     }
  227.     /**
  228.      * @Since("6.1.0.0")
  229.      * @Route("/account/recover", name="frontend.account.recover.request", methods={"POST"})
  230.      */
  231.     public function generateAccountRecovery(Request $requestRequestDataBag $dataSalesChannelContext $context): Response
  232.     {
  233.         try {
  234.             $data->get('email')
  235.                 ->set('storefrontUrl'$request->attributes->get(RequestTransformer::STOREFRONT_URL));
  237.             $this->sendPasswordRecoveryMailRoute->sendRecoveryMail(
  238.                 $data->get('email')->toRequestDataBag(),
  239.                 $context,
  240.                 false
  241.             );
  243.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  244.         } catch (CustomerNotFoundException $e) {
  245.             $this->addFlash(self::SUCCESS$this->trans('account.recoveryMailSend'));
  246.         } catch (InconsistentCriteriaIdsException $e) {
  247.             $this->addFlash(self::DANGER$this->trans('error.message-default'));
  248.         } catch (RateLimitExceededException $e) {
  249.             $this->addFlash(self::INFO$this->trans('error.rateLimitExceeded', ['%seconds%' => $e->getWaitTime()]));
  250.         }
  252.         return $this->redirectToRoute('frontend.account.recover.page');
  253.     }
  255.     /**
  256.      * @Since("6.1.0.0")
  257.      * @Route("/account/recover/password", name="frontend.account.recover.password.page", methods={"GET"})
  258.      *
  259.      * @throws CategoryNotFoundException
  260.      * @throws InconsistentCriteriaIdsException
  261.      * @throws MissingRequestParameterException
  262.      */
  263.     public function resetPasswordForm(Request $requestSalesChannelContext $context): Response
  264.     {
  265.         $page $this->loginPageLoader->load($request$context);
  266.         $hash $request->get('hash');
  268.         if (!$hash) {
  269.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  271.             return $this->redirectToRoute('frontend.account.recover.request');
  272.         }
  274.         $customerHashCriteria = new Criteria();
  275.         $customerHashCriteria->addFilter(new EqualsFilter('hash'$hash));
  277.         $customerRecovery $this->customerRecoveryRepository
  278.             ->search($customerHashCriteria$context->getContext())
  279.             ->first();
  281.         if ($customerRecovery === null) {
  282.             $this->addFlash(self::DANGER$this->trans('account.passwordHashNotFound'));
  284.             return $this->redirectToRoute('frontend.account.recover.request');
  285.         }
  287.         if (!$this->checkHash($hash$context->getContext())) {
  288.             $this->addFlash(self::DANGER$this->trans('account.passwordHashExpired'));
  290.             return $this->redirectToRoute('frontend.account.recover.request');
  291.         }
  293.         return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  294.             'page' => $page,
  295.             'hash' => $hash,
  296.             'formViolations' => $request->get('formViolations'),
  297.         ]);
  298.     }
  300.     /**
  301.      * @Since("6.1.0.0")
  302.      * @Route("/account/recover/password", name="frontend.account.recover.password.reset", methods={"POST"})
  303.      *
  304.      * @throws InconsistentCriteriaIdsException
  305.      */
  306.     public function resetPassword(RequestDataBag $dataSalesChannelContext $context): Response
  307.     {
  308.         $hash $data->get('password')->get('hash');
  310.         try {
  311.             $pw $data->get('password');
  313.             $this->resetPasswordRoute->resetPassword($pw->toRequestDataBag(), $context);
  315.             $this->addFlash(self::SUCCESS$this->trans('account.passwordChangeSuccess'));
  316.         } catch (ConstraintViolationException $formViolations) {
  317.             $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  319.             return $this->forwardToRoute(
  320.                 'frontend.account.recover.password.page',
  321.                 ['hash' => $hash'formViolations' => $formViolations'passwordFormViolation' => true]
  322.             );
  323.         } catch (CustomerNotFoundByHashException $e) {
  324.             $this->addFlash(self::DANGER$this->trans('account.passwordChangeNoSuccess'));
  326.             return $this->forwardToRoute('frontend.account.recover.request');
  327.         } catch (CustomerRecoveryHashExpiredException $e) {
  328.             $this->addFlash(self::DANGER$this->trans('account.passwordHashExpired'));
  330.             return $this->forwardToRoute('frontend.account.recover.request');
  331.         }
  333.         return $this->redirectToRoute('frontend.account.profile.page');
  334.     }
  336.     private function checkHash(string $hashContext $context): bool
  337.     {
  338.         $criteria = new Criteria();
  339.         $criteria->addFilter(new EqualsFilter('hash'$hash));
  341.         $recovery $this->customerRecoveryRepository->search($criteria$context)->first();
  343.         $validDateTime = (new \DateTime())->sub(new \DateInterval('PT2H'));
  345.         return $recovery && $validDateTime $recovery->getCreatedAt();
  346.     }
  347. }