src/Controller/SecurityController.php line 25

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Services\Functions;
  6. use Carbon\Carbon;
  7. use Exception;
  8. use Pimcore\Log\ApplicationLogger;
  9. use Pimcore\Model\DataObject\Coupon;
  10. use Pimcore\Model\DataObject\LocationSource;
  11. use Pimcore\Model\DataObject\MemberStripeAccount;
  12. use Pimcore\Model\DataObject\MembersUser;
  13. use Pimcore\Model\DataObject\Price;
  14. use Pimcore\Model\DataObject\Promocode;
  15. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Component\Security\Http\Attribute\CurrentUser;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  22. use Symfony\Component\HttpFoundation\JsonResponse;
  25. class SecurityController extends AbstractController
  26. {
  28.     private JWTTokenManagerInterface $jwtManager;
  29.     private UserPasswordHasherInterface $passwordHasher;
  31.     public function __construct(
  32.         JWTTokenManagerInterface $jwtManager,
  33.         UserPasswordHasherInterface $passwordHasher
  34.     ) {
  35.         $this->jwtManager $jwtManager;
  36.         $this->passwordHasher $passwordHasher;
  37.     }
  40.     #[Route('/v1/api/login'name'v1_app_login'methods: ['POST'])]
  41.     public function loginAction(Request $request): JsonResponse
  42.     {
  43.         $logger ApplicationLogger::getInstance();
  44.     
  45.         try {
  46.             $data json_decode($request->getContent(), true);
  47.     
  48.             if (!isset($data['email']) || !isset($data['password'])) {
  49.                 return new JsonResponse([
  50.                     'error' => true,
  51.                     'message' => 'Email, password and source are required',
  52.                     'data' => []
  53.                 ], Response::HTTP_BAD_REQUEST);
  54.             }
  55.     
  56.             $email $data['email'];
  57.             $password $data['password'];
  58.             $sourceKey $data['source'] ?? null;
  59.     
  60.             // Trova l'utente
  61.             $user MembersUser::getByEmail($email, ['limit' => 1'unpublished' => false]);
  62.     
  63.             if (!$user instanceof MembersUser) {
  64.                 return new JsonResponse([
  65.                     'error' => true,
  66.                     'message' => 'Invalid credentials',
  67.                     'data' => []
  68.                 ], Response::HTTP_UNAUTHORIZED);
  69.             }
  70.     
  71.             // Verifica la password
  72.             if (!$this->passwordHasher->isPasswordValid($user$password)) {
  73.                 return new JsonResponse([
  74.                     'error' => true,
  75.                     'message' => 'Invalid credentials',
  76.                     'data' => []
  77.                 ], Response::HTTP_UNAUTHORIZED);
  78.             }
  79.     
  80.             // Verifica che l'utente sia attivo
  81.             if (!$user->getActive()) {
  82.                 return new JsonResponse([
  83.                     'error' => true,
  84.                     'message' => 'Utente non attivo',
  85.                     'data' => []
  86.                 ], Response::HTTP_UNAUTHORIZED);
  87.             }
  89.             $source null;
  90.             if ($sourceKey) {
  91.                 $source LocationSource::getByObjectKey($sourceKey1);
  92.                 if (!$source instanceof LocationSource) {
  93.                     return new JsonResponse([
  94.                         'error' => true,
  95.                         'message' => 'Source not found',
  96.                         'data' => []
  97.                     ], Response::HTTP_BAD_REQUEST);
  98.                 }
  99.             }
  101.             if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  102.                 return new JsonResponse([
  103.                     'error' => true,
  104.                     'message' => 'Iscrizione scaduta',
  105.                     'data' => []
  106.                 ], Response::HTTP_UNAUTHORIZED);
  107.             }
  108.     
  109.             // Genera il token JWT
  110.             $token $this->jwtManager->create($user);
  112.             // Resto della logica per prodotti e promo codes...
  113.             // $userData = $this->getUserData($user, $source);
  114.             $role '';
  115.             if (in_array('ROLE_PIMCORE_USER'$user->getRoles())) {
  116.                 $role 'admin';
  117.             } elseif (in_array('ROLE_USER'$user->getRoles())) {
  118.                 $role 'user';
  119.             }
  120.             return new JsonResponse([
  121.                 'token' => $token,
  122.                 'user' => [
  123.                     'id' => $user->getId(),
  124.                     'firstname' => $user->getFirstname(),
  125.                     'lastname' => $user->getLastname(),
  126.                     'email' => $user->getEmail(),
  127.                     'phone' => $user->getPhone(),
  128.                     'role' => $role,
  129.                     // 'roles' => $user->getRoles()
  130.                 ]
  131.             ]);
  132.         } catch (Exception $e) {
  133.             $logger->error($e);
  134.             return new JsonResponse([
  135.                 'error' => true,
  136.                 'message' => $e->getMessage(),
  137.                 'data' => []
  138.             ], Response::HTTP_INTERNAL_SERVER_ERROR);
  139.         }
  140.     }
  142.     #[Route('/v1/api/profile'name'app_profile'methods: ['GET'])]
  143.     public function getProfileAction(Request $request, #[CurrentUser$user null): JsonResponse
  144.     {
  146.         $sourceKey $request->query->get('source');
  148.         if (!$user instanceof MembersUser) {
  149.             return new JsonResponse([
  150.                 'error' => true,
  151.                 'message' => 'User not found',
  152.                 'data' => []
  153.             ], Response::HTTP_UNAUTHORIZED);
  154.         }
  156.         $source LocationSource::getByObjectKey($sourceKey1);
  157.         if (!$source instanceof LocationSource) {
  158.             return new JsonResponse([
  159.                 'error' => true,
  160.                 'message' => 'Source not found',
  161.                 'data' => []
  162.             ], Response::HTTP_BAD_REQUEST);
  163.         }
  165.         $userData $this->getUserData($user$sourcefalse);
  166.         return new JsonResponse([
  167.             'error' => false,
  168.             'message' => null,
  169.             'data' => $userData
  170.         ]);
  171.     }
  173.     #[Route('/v1/api/refresh-token'name'app_refresh_token'methods: ['POST'])]
  174.     public function refreshTokenAction(#[CurrentUser$user null): JsonResponse
  175.     {
  176.         if (!$user instanceof MembersUser) {
  177.             return new JsonResponse([
  178.                 'error' => true,
  179.                 'message' => 'User not found',
  180.                 'data' => []
  181.             ], Response::HTTP_UNAUTHORIZED);
  182.         }
  184.         $token $this->jwtManager->create($user);
  186.         return new JsonResponse([
  187.             'token' => $token
  188.         ]);
  189.     }
  191.     private function getUserData(MembersUser $userLocationSource $source$exception true): array
  192.     {
  193.         $products = [];
  194.         $promoCodes = [];
  196.         $MemberStripeAccount = new MemberStripeAccount\Listing();
  197.         $MemberStripeAccount->setCondition('customerId = ? AND source__id = ?', [
  198.             $user->getId(),
  199.             $source->getId()
  200.         ]);
  201.         $MemberStripeAccount $MemberStripeAccount->current();
  203.         if (!$MemberStripeAccount instanceof MemberStripeAccount) {
  204.             if ($exception) {
  205.                 throw new Exception('Account not found');
  206.             }
  207.         }
  209.         $mainGroup '';
  210.         $groups $user->getGroups();
  211.         if (isset($groups[0]) && $groups[0]->getName() === 'Private') {
  212.             $mainGroup $groups[0]->getName();
  213.             if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  214.                 if ($exception) {
  215.                     throw new Exception('Iscrizione utente scaduto');
  216.                 }
  217.             }
  218.         } elseif (isset($groups[0]) && !empty($groups[0]->getName())) {
  219.             $mainGroup $groups[0]->getName();
  220.         }
  222.         if ($MemberStripeAccount) {
  223.             $stripe = new \Stripe\StripeClient($MemberStripeAccount->getSource()?->getStripeAccount()->getStripeSecret());
  225.             // Prodotti base
  226.             if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem(), 1))) {
  227.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['price'] = $price->getPrice() / 100;
  228.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['title'] = $price->getTitle();
  229.             }
  231.             if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem(), 1))) {
  232.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['price'] = $price->getPrice() / 100;
  233.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['title'] = $price->getTitle();
  234.             }
  236.             
  238.             // Gestione promo codes
  239.             if (!empty($MemberStripeAccount->getPromoCode())) {
  240.                 foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  241.                     $promoCodes[$promos[0]] = $promos[1];
  242.                     if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  243.                         $products[$promos[0]]['price'] = $price->getPrice() / 100;
  244.                         $products[$promos[0]]['title'] = $price->getTitle();
  245.                     }
  246.                     if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  247.                         $coupon Coupon::getByPromo($promo1);
  248.                         if ($coupon instanceof Coupon) {
  249.                             preg_match('/\d+$/'$coupon->getTitle(), $matches);
  250.                             if (!empty($matches)) {
  251.                                 $products[$promos[0]]['promo'] = (float) $matches[0];
  252.                             }
  253.                         }
  254.                     } else {
  255.                         try {
  256.                             $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  257.                             if ($promoObj->active) {
  258.                                 preg_match('/\d+$/'$promoObj->coupon->name$matches);
  259.                                 if (!empty($matches)) {
  260.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  261.                                 }
  262.                             }
  263.                         } catch (\Exception $e) {
  264.                             // Log dell'errore se necessario
  265.                         }
  266.                     }
  267.                 }
  268.             }
  269.         }
  271.         
  272.         $role '';
  273.         if (in_array('ROLE_PIMCORE_USER'$user->getRoles())) {
  274.             $role 'admin';
  275.         } elseif (in_array('ROLE_USER'$user->getRoles())) {
  276.             $role 'user';
  277.         }
  278.         return [
  279.             'fullName' => $user->getFirstname() . ' ' $user->getLastname(),
  280.             'taxCode' => $user->getFiscalCode(),
  281.             'role' => $role,
  282.             'membership' => [
  283.                 'number' => $user->getMembershipNumber(),
  284.                 'expirationDate' => $user->getEndDate()?->format('Y-m-d'),
  285.             ],
  286.             'customerType' => $mainGroup,
  287.             'customerTypeId' => \Pimcore\Model\DataObject\MembersGroup::getByName($mainGroup1)?->getId(),
  288.             'businessName' => !empty($user->getBusinessName()) ? $user->getBusinessName() : '',
  289.             'firstname' => $user->getFirstname(),
  290.             'startDate' => $user->getCreatedDate(),
  291.             'endDate' => $user->getEndDate(),
  292.             'lastname' => $user->getLastname(),
  293.             'email' => $user->getEmail(),
  294.             'phone' => $user->getPhone(),
  295.             'customerId' => $user->getId(),
  296.             'stripeCustomerId' => $MemberStripeAccount $MemberStripeAccount?->getStripeCustomerId() : null,
  297.             'stripePromoCodes' => $promoCodes,
  298.             'products' => $products
  299.         ];
  300.     }
  302.     #[Route('/api/login'name'app_login'methods: ['POST'])]
  303.     public function appLoginAction(Request $request, #[CurrentUser$user null): Response
  304.     {
  305.         $logger ApplicationLogger::getInstance();
  306.         try {
  307.             $source LocationSource::getByObjectKey($request->toArray()['source'])->current();
  308.             if (empty($source)) {
  309.                 throw new Exception('Source not found');
  310.             }
  312.             $products = [];
  313.             if ($user instanceof  MembersUser && $user !== null && $user->getActive()) {
  314.                 $MemberStripeAccount = new MemberStripeAccount\Listing();
  315.                 $MemberStripeAccount->setCondition('customerId = ? AND source__id = ?', [
  316.                     $user->getId(),
  317.                     $source->getId()
  318.                 ]);
  319.                 $MemberStripeAccount $MemberStripeAccount->current();
  320.                 $stripe = new \Stripe\StripeClient($MemberStripeAccount->getSource()->getStripeAccount()->getStripeSecret());
  321.                 if (!$MemberStripeAccount instanceof MemberStripeAccount) {
  322.                     throw new Exception('Account not found');
  323.                 }
  324.                 if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem(), 1))) {
  325.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['price'] = $price->getPrice() / 100;
  326.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['title'] = $price->getTitle();
  327.                 }
  328.                 if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem(), 1))) {
  329.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['price'] = $price->getPrice() / 100;
  330.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['title'] = $price->getTitle();
  331.                 }
  333.                 $promoCodes = [];
  334.                 $mainGroup '';
  335.                 $groups $user->getGroups();
  336.                 if (isset($groups[0]) && $groups[0]->getName() === 'Private') {
  337.                     $mainGroup $groups[0]->getName();
  338.                     if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  339.                         $logger->info($user->getId() . ' Iscrizione utente scaduto');
  340.                         return $this->json([
  341.                             'error' => true,
  342.                             'message' => 'Iscrizione utente scaduto',
  343.                             'data' => []
  344.                         ]);
  345.                     }
  346.                 } elseif (isset($groups[0]) && !empty($groups[0]->getName())) {
  347.                     $mainGroup $groups[0]->getName();
  348.                 }
  350.                 if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  351.                     if (!empty($MemberStripeAccount->getPromocode())) {
  352.                         foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  353.                             $promoCodes[$promos[0]] = $promos[1];
  354.                             if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  355.                                 $products[$promos[0]]['price'] = $price->getPrice() / 100;
  356.                                 $products[$promos[0]]['title'] = $price->getTitle();
  357.                             }
  358.                             if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  359.                                 $coupon Coupon::getByPromo($promo1);
  360.                                 if ($coupon instanceof Coupon) {
  361.                                     preg_match('/\d+$/'$coupon->getTitle(), $matches);
  362.                                     if (!empty($matches)) {
  363.                                         $products[$promos[0]]['promo'] = (float) $matches[0];
  364.                                     }
  365.                                 }
  366.                             } else {
  367.                                 $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  368.                                 if ($promoObj->active) {
  369.                                     preg_match('/\d+$/'$promoObj->coupon->name$matches);
  370.                                     if (!empty($matches)) {
  371.                                         $products[$promos[0]]['promo'] = (float) $matches[0];
  372.                                     }
  373.                                 }
  374.                             }
  375.                         }
  376.                     }
  377.                 } elseif (!empty($MemberStripeAccount->getPromoCode())) {
  378.                     foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  379.                         $promoCodes[$promos[0]] = $promos[1];
  380.                         if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  381.                             $products[$promos[0]]['price'] = $price->getPrice() / 100;
  382.                             $products[$promos[0]]['title'] = $price->getTitle();
  383.                         }
  384.                         if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  385.                             $coupon Coupon::getByPromo($promo1);
  386.                             if ($coupon instanceof Coupon) {
  387.                                 preg_match('/\d+$/'$coupon->getTitle(), $matches);
  388.                                 if (!empty($matches)) {
  389.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  390.                                 }
  391.                             }
  392.                         } else {
  393.                             $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  394.                             if ($promoObj->active) {
  395.                                 preg_match('/\d+$/'$promoObj->coupon->name$matches);
  396.                                 if (!empty($matches)) {
  397.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  398.                                 }
  399.                             }
  400.                         }
  401.                     }
  402.                 }
  404.                 return $this->json([
  405.                     'error' => false,
  406.                     'message' => null,
  407.                     'data' => [
  408.                         'customerType' =>  $mainGroup,
  409.                         'customerTypeId' =>  \Pimcore\Model\DataObject\MembersGroup::getByName($mainGroup1)?->getId(),
  410.                         'businessName' =>  !empty($user->getBusinessName()) ? $user->getBusinessName() : '',
  411.                         'firstname' =>  $user->getFirstname(),
  412.                         'startDate' =>  $user->getCreatedDate(),
  413.                         'endDate' =>  $user->getEndDate(),
  414.                         'lastname' => $user->getLastname(),
  415.                         'email' => $user->getEmail(),
  416.                         'phone' => $user->getPhone(),
  417.                         'authorization' => \Pimcore\Config::getWebsiteConfig()->get('rent_calculator_authorization'),
  418.                         'customerId' => $user->getId(),
  419.                         'stripeCustomerId' => $MemberStripeAccount->getStripeCustomerId(),
  420.                         'stripePromoCodes' => $promoCodes,
  421.                         'products' => $products,
  422.                         'token' => Functions::securedEncrypt($user->getId())
  423.                     ]
  424.                 ]);
  425.             } else {
  426.                 $logger->info($user->getId() . ' Utente non attivo');
  427.                 return $this->json([
  428.                     'error' => true,
  429.                     'message' => 'Utente non attivo',
  430.                     'data' => []
  431.                 ]);
  432.             }
  433.         } catch (Exception $e) {
  434.             return $this->json([
  435.                 'error' => true,
  436.                 'message' => $e->getMessage(),
  437.                 'data' => []
  438.             ]);
  439.         }
  440.     }
  441. }