src/Controller/SecurityController.php line 26

Open in your IDE?
  1. <?php
  3. namespace App\Controller;
  5. use App\Services\Functions;
  6. use Carbon\Carbon;
  7. use Exception;
  8. use Pimcore\Log\ApplicationLogger;
  9. use Pimcore\Model\DataObject\Coupon;
  10. use Pimcore\Model\DataObject\LocationSource;
  11. use Pimcore\Model\DataObject\MemberStripeAccount;
  12. use Pimcore\Model\DataObject\MembersUser;
  13. use Pimcore\Model\DataObject\Price;
  14. use Pimcore\Model\DataObject\Promocode;
  15. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  16. use Symfony\Component\HttpFoundation\Request;
  17. use Symfony\Component\HttpFoundation\Response;
  18. use Symfony\Component\Routing\Annotation\Route;
  19. use Symfony\Component\Security\Http\Attribute\CurrentUser;
  20. use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
  21. use Pimcore\Model\DataObject\PromoRules;
  22. use Symfony\Component\PasswordHasher\Hasher\UserPasswordHasherInterface;
  23. use Symfony\Component\HttpFoundation\JsonResponse;
  26. class SecurityController extends AbstractController
  27. {
  29.     private JWTTokenManagerInterface $jwtManager;
  30.     private UserPasswordHasherInterface $passwordHasher;
  32.     public function __construct(
  33.         JWTTokenManagerInterface $jwtManager,
  34.         UserPasswordHasherInterface $passwordHasher
  35.     ) {
  36.         $this->jwtManager $jwtManager;
  37.         $this->passwordHasher $passwordHasher;
  38.     }
  41.     #[Route('/v1/api/login'name'v1_app_login'methods: ['POST'])]
  42.     public function loginAction(Request $request): JsonResponse
  43.     {
  44.         $logger ApplicationLogger::getInstance();
  45.     
  46.         try {
  47.             $data json_decode($request->getContent(), true);
  48.     
  49.             if (!isset($data['email']) || !isset($data['password'])) {
  50.                 return new JsonResponse([
  51.                     'error' => true,
  52.                     'message' => 'Email, password and source are required',
  53.                     'data' => []
  54.                 ], Response::HTTP_BAD_REQUEST);
  55.             }
  56.     
  57.             $email $data['email'];
  58.             $password $data['password'];
  59.             $sourceKey $data['source'] ?? null;
  60.     
  61.             // Trova l'utente
  62.             $user MembersUser::getByEmail($email, ['limit' => 1'unpublished' => false]);
  63.     
  64.             if (!$user instanceof MembersUser) {
  65.                 return new JsonResponse([
  66.                     'error' => true,
  67.                     'message' => 'Invalid credentials',
  68.                     'data' => []
  69.                 ], Response::HTTP_UNAUTHORIZED);
  70.             }
  71.     
  72.             // Verifica la password
  73.             if (!$this->passwordHasher->isPasswordValid($user$password)) {
  74.                 return new JsonResponse([
  75.                     'error' => true,
  76.                     'message' => 'Invalid credentials',
  77.                     'data' => []
  78.                 ], Response::HTTP_UNAUTHORIZED);
  79.             }
  80.     
  81.             // Verifica che l'utente sia attivo
  82.             if (!$user->getActive()) {
  83.                 return new JsonResponse([
  84.                     'error' => true,
  85.                     'message' => 'Utente non attivo',
  86.                     'data' => []
  87.                 ], Response::HTTP_UNAUTHORIZED);
  88.             }
  90.             $source null;
  91.             if ($sourceKey) {
  92.                 $source LocationSource::getByObjectKey($sourceKey1);
  93.                 if (!$source instanceof LocationSource) {
  94.                     return new JsonResponse([
  95.                         'error' => true,
  96.                         'message' => 'Source not found',
  97.                         'data' => []
  98.                     ], Response::HTTP_BAD_REQUEST);
  99.                 }
  100.             }
  102.             if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  103.                 return new JsonResponse([
  104.                     'error' => true,
  105.                     'message' => 'Iscrizione scaduta',
  106.                     'data' => []
  107.                 ], Response::HTTP_UNAUTHORIZED);
  108.             }
  109.     
  110.             // Genera il token JWT
  111.             $token $this->jwtManager->create($user);
  113.             // Resto della logica per prodotti e promo codes...
  114.             // $userData = $this->getUserData($user, $source);
  115.             $role '';
  116.             if (in_array('ROLE_PIMCORE_USER'$user->getRoles())) {
  117.                 $role 'admin';
  118.             } elseif (in_array('ROLE_USER'$user->getRoles())) {
  119.                 $role 'user';
  120.             }
  121.             return new JsonResponse([
  122.                 'token' => $token,
  123.                 'user' => [
  124.                     'id' => $user->getId(),
  125.                     'firstname' => $user->getFirstname(),
  126.                     'lastname' => $user->getLastname(),
  127.                     'email' => $user->getEmail(),
  128.                     'phone' => $user->getPhone(),
  129.                     'role' => $role,
  130.                     // 'roles' => $user->getRoles()
  131.                 ]
  132.             ]);
  133.         } catch (Exception $e) {
  134.             $logger->error($e);
  135.             return new JsonResponse([
  136.                 'error' => true,
  137.                 'message' => $e->getMessage(),
  138.                 'data' => []
  139.             ], Response::HTTP_INTERNAL_SERVER_ERROR);
  140.         }
  141.     }
  143.     #[Route('/v1/api/profile'name'app_profile'methods: ['GET'])]
  144.     public function getProfileAction(Request $request, #[CurrentUser$user null): JsonResponse
  145.     {
  147.         $sourceKey $request->query->get('source');
  149.         if (!$user instanceof MembersUser) {
  150.             return new JsonResponse([
  151.                 'error' => true,
  152.                 'message' => 'User not found',
  153.                 'data' => []
  154.             ], Response::HTTP_UNAUTHORIZED);
  155.         }
  157.         $source LocationSource::getByObjectKey($sourceKey1);
  158.         if (!$source instanceof LocationSource) {
  159.             return new JsonResponse([
  160.                 'error' => true,
  161.                 'message' => 'Source not found',
  162.                 'data' => []
  163.             ], Response::HTTP_BAD_REQUEST);
  164.         }
  166.         $userData $this->getUserData($user$sourcefalse);
  167.         return new JsonResponse([
  168.             'error' => false,
  169.             'message' => null,
  170.             'data' => $userData
  171.         ]);
  172.     }
  174.     #[Route('/v1/api/refresh-token'name'app_refresh_token'methods: ['POST'])]
  175.     public function refreshTokenAction(#[CurrentUser$user null): JsonResponse
  176.     {
  177.         if (!$user instanceof MembersUser) {
  178.             return new JsonResponse([
  179.                 'error' => true,
  180.                 'message' => 'User not found',
  181.                 'data' => []
  182.             ], Response::HTTP_UNAUTHORIZED);
  183.         }
  185.         $token $this->jwtManager->create($user);
  187.         return new JsonResponse([
  188.             'token' => $token
  189.         ]);
  190.     }
  192.     private function getUserData(MembersUser $userLocationSource $source$exception true): array
  193.     {
  194.         $products = [];
  195.         $productsV2 = [];
  196.         $promoCodes = [];
  198.         $MemberStripeAccount = new MemberStripeAccount\Listing();
  199.         $MemberStripeAccount->setCondition('customerId = ? AND source__id = ?', [
  200.             $user->getId(),
  201.             $source->getId()
  202.         ]);
  203.         $MemberStripeAccount $MemberStripeAccount->current();
  205.         if (!$MemberStripeAccount instanceof MemberStripeAccount) {
  206.             if ($exception) {
  207.                 throw new Exception('Account not found');
  208.             }
  209.         }
  211.         $mainGroup '';
  212.         $groups $user->getGroups();
  213.         if (isset($groups[0]) && $groups[0]->getName() === 'Private') {
  214.             $mainGroup $groups[0]->getName();
  215.             if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  216.                 if ($exception) {
  217.                     throw new Exception('Iscrizione utente scaduto');
  218.                 }
  219.             }
  220.         } elseif (isset($groups[0]) && !empty($groups[0]->getName())) {
  221.             $mainGroup $groups[0]->getName();
  222.         }
  224.         if ($MemberStripeAccount) {
  225.             $rules PromoRules::getById($MemberStripeAccount->getRules());
  226.             if ($rules instanceof PromoRules) {
  227.                 $promos $rules->getPromo();
  228.                 if (!empty($promos)) {
  229.                     foreach ($promos as $promo) {
  230.                         if ($promo['price']->getData() instanceof Price) {
  231.                             $productsV2[$promo['price']->getData()->getPriceid()]['price'] = $promo['price']->getData()->getPrice() / 100;
  232.                             $productsV2[$promo['price']->getData()->getPriceid()]['title'] = $promo['price']->getData()->getTitle();
  233.                         }
  234.                     }
  235.                 }
  236.             }
  237.             $stripe = new \Stripe\StripeClient($MemberStripeAccount->getSource()?->getStripeAccount()->getStripeSecret());
  239.             // Prodotti base
  240.             if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem(), 1))) {
  241.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['price'] = $price->getPrice() / 100;
  242.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['title'] = $price->getTitle();
  243.             }
  245.             if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem(), 1))) {
  246.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['price'] = $price->getPrice() / 100;
  247.                 $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['title'] = $price->getTitle();
  248.             }
  250.             
  252.             // Gestione promo codes
  253.             if (!empty($MemberStripeAccount->getPromoCode())) {
  254.                 foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  255.                     $promoCodes[$promos[0]] = $promos[1];
  256.                     if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  257.                         $products[$promos[0]]['price'] = $price->getPrice() / 100;
  258.                         $products[$promos[0]]['title'] = $price->getTitle();
  259.                     }
  260.                     if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  261.                         $coupon Coupon::getByPromo($promo1);
  262.                         if ($coupon instanceof Coupon) {
  263.                             preg_match('/\d+$/'$coupon->getTitle(), $matches);
  264.                             if (!empty($matches)) {
  265.                                 $products[$promos[0]]['promo'] = (float) $matches[0];
  266.                             }
  267.                         }
  268.                     } else {
  269.                         try {
  270.                             $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  271.                             if ($promoObj->active) {
  272.                                 preg_match('/\d+$/'$promoObj->coupon->name$matches);
  273.                                 if (!empty($matches)) {
  274.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  275.                                 }
  276.                             }
  277.                         } catch (\Exception $e) {
  278.                             // Log dell'errore se necessario
  279.                         }
  280.                     }
  281.                 }
  282.             }
  283.         }
  285.         
  286.         $role '';
  287.         if (in_array('ROLE_PIMCORE_USER'$user->getRoles())) {
  288.             $role 'admin';
  289.         } elseif (in_array('ROLE_USER'$user->getRoles())) {
  290.             $role 'user';
  291.         }
  292.         $userEnableSources = [];
  294.         foreach ($user->getStripeData() as $stripeData) {
  295.             $userEnableSources[] = $stripeData->getSource()->getObjectKey();
  296.         }
  297.         return [
  298.             'fullName' => $user->getFirstname() . ' ' $user->getLastname(),
  299.             'taxCode' => $user->getFiscalCode(),
  300.             'role' => $role,
  301.             'membership' => [
  302.                 'number' => $user->getMembershipNumber(),
  303.                 'expirationDate' => $user->getEndDate()?->format('Y-m-d'),
  304.                 'membershipForm' => $user->getMembershipForm()
  305.             ],
  306.             'customerType' => $mainGroup,
  307.             'customerTypeId' => \Pimcore\Model\DataObject\MembersGroup::getByName($mainGroup1)?->getId(),
  308.             'businessName' => !empty($user->getBusinessName()) ? $user->getBusinessName() : '',
  309.             'firstname' => $user->getFirstname(),
  310.             'startDate' => $user->getCreatedDate(),
  311.             'endDate' => $user->getEndDate(),
  312.             'lastname' => $user->getLastname(),
  313.             'email' => $user->getEmail(),
  314.             'phone' => $user->getPhone(),
  315.             'customerId' => $user->getId(),
  316.             'stripeCustomerId' => $MemberStripeAccount $MemberStripeAccount?->getStripeCustomerId() : null,
  317.             'stripePromoCodes' => $promoCodes,
  318.             'products' => $products,
  319.             'userPrice' => $productsV2,
  320.             'source' => $userEnableSources
  321.         ];
  322.     }
  324.     #[Route('/api/login'name'app_login'methods: ['POST'])]
  325.     public function appLoginAction(Request $request, #[CurrentUser$user null): Response
  326.     {
  327.         $logger ApplicationLogger::getInstance();
  328.         try {
  329.             $source LocationSource::getByObjectKey($request->toArray()['source'])->current();
  330.             if (empty($source)) {
  331.                 throw new Exception('Source not found');
  332.             }
  334.             $products = [];
  335.             if ($user instanceof  MembersUser && $user !== null && $user->getActive()) {
  336.                 $MemberStripeAccount = new MemberStripeAccount\Listing();
  337.                 $MemberStripeAccount->setCondition('customerId = ? AND source__id = ?', [
  338.                     $user->getId(),
  339.                     $source->getId()
  340.                 ]);
  341.                 $MemberStripeAccount $MemberStripeAccount->current();
  342.                 $stripe = new \Stripe\StripeClient($MemberStripeAccount->getSource()->getStripeAccount()->getStripeSecret());
  343.                 if (!$MemberStripeAccount instanceof MemberStripeAccount) {
  344.                     throw new Exception('Account not found');
  345.                 }
  346.                 if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem(), 1))) {
  347.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['price'] = $price->getPrice() / 100;
  348.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAssistanceItem()]['title'] = $price->getTitle();
  349.                 }
  350.                 if (null !== ($price Price::getByPriceid($MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem(), 1))) {
  351.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['price'] = $price->getPrice() / 100;
  352.                     $products[$MemberStripeAccount->getSource()->getStripeAccount()->getAttestationItem()]['title'] = $price->getTitle();
  353.                 }
  355.                 $promoCodes = [];
  356.                 $mainGroup '';
  357.                 $groups $user->getGroups();
  358.                 if (isset($groups[0]) && $groups[0]->getName() === 'Private') {
  359.                     $mainGroup $groups[0]->getName();
  360.                     if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  361.                         $logger->info($user->getId() . ' Iscrizione utente scaduto');
  362.                         return $this->json([
  363.                             'error' => true,
  364.                             'message' => 'Iscrizione utente scaduto',
  365.                             'data' => []
  366.                         ]);
  367.                     }
  368.                 } elseif (isset($groups[0]) && !empty($groups[0]->getName())) {
  369.                     $mainGroup $groups[0]->getName();
  370.                 }
  372.                 if (!empty($user->getEndDate()) && !$user->getEndDate()->greaterThan(Carbon::now())) {
  373.                     if (!empty($MemberStripeAccount->getPromocode())) {
  374.                         foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  375.                             $promoCodes[$promos[0]] = $promos[1];
  376.                             if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  377.                                 $products[$promos[0]]['price'] = $price->getPrice() / 100;
  378.                                 $products[$promos[0]]['title'] = $price->getTitle();
  379.                             }
  380.                             if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  381.                                 $coupon Coupon::getByPromo($promo1);
  382.                                 if ($coupon instanceof Coupon) {
  383.                                     preg_match('/\d+$/'$coupon->getTitle(), $matches);
  384.                                     if (!empty($matches)) {
  385.                                         $products[$promos[0]]['promo'] = (float) $matches[0];
  386.                                     }
  387.                                 } else {
  388.                                     $coupon Coupon::getByCouponid($promo->getCoupon(), 1);
  389.                                     if ($coupon instanceof Coupon) {
  390.                                         preg_match('/\d+$/'$coupon->getTitle(), $matches);
  391.                                         if (!empty($matches)) {
  392.                                             $products[$promos[0]]['promo'] = (float) $matches[0];
  393.                                         }
  394.                                     }
  395.                                 }
  396.                             } else {
  397.                                 $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  398.                                 if ($promoObj->active) {
  399.                                     preg_match('/\d+$/'$promoObj->coupon->name$matches);
  400.                                     if (!empty($matches)) {
  401.                                         $products[$promos[0]]['promo'] = (float) $matches[0];
  402.                                     }
  403.                                 }
  404.                             }
  405.                         }
  406.                     }
  407.                 } elseif (!empty($MemberStripeAccount->getPromoCode())) {
  408.                     foreach ($MemberStripeAccount->getPromoCode() as $k => $promos) {
  409.                         $promoCodes[$promos[0]] = $promos[1];
  410.                         if (null !== ($price Price::getByPriceid($promos[0], 1))) {
  411.                             $products[$promos[0]]['price'] = $price->getPrice() / 100;
  412.                             $products[$promos[0]]['title'] = $price->getTitle();
  413.                         }
  414.                         if (null !== ($promo Promocode::getByPromoid($promos[1], 1))) {
  415.                             $coupon Coupon::getByPromo($promo1);
  416.                             if ($coupon instanceof Coupon) {
  417.                                 preg_match('/\d+$/'$coupon->getTitle(), $matches);
  418.                                 if (!empty($matches)) {
  419.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  420.                                 }
  421.                             } else {
  422.                                 $coupon Coupon::getByCouponid($promo->getCoupon(), 1);
  423.                                 if ($coupon instanceof Coupon) {
  424.                                     preg_match('/\d+$/'$coupon->getTitle(), $matches);
  425.                                     if (!empty($matches)) {
  426.                                         $products[$promos[0]]['promo'] = (float) $matches[0];
  427.                                     }
  428.                                 }
  429.                             }
  430.                         } else {
  431.                             $promoObj $stripe->promotionCodes->retrieve($promos[1], []);
  432.                             if ($promoObj->active) {
  433.                                 preg_match('/\d+$/'$promoObj->coupon->name$matches);
  434.                                 if (!empty($matches)) {
  435.                                     $products[$promos[0]]['promo'] = (float) $matches[0];
  436.                                 }
  437.                             }
  438.                         }
  439.                     }
  440.                 }
  442.                 return $this->json([
  443.                     'error' => false,
  444.                     'message' => null,
  445.                     'data' => [
  446.                         'customerType' =>  $mainGroup,
  447.                         'customerTypeId' =>  \Pimcore\Model\DataObject\MembersGroup::getByName($mainGroup1)?->getId(),
  448.                         'businessName' =>  !empty($user->getBusinessName()) ? $user->getBusinessName() : '',
  449.                         'firstname' =>  $user->getFirstname(),
  450.                         'startDate' =>  $user->getCreatedDate(),
  451.                         'endDate' =>  $user->getEndDate(),
  452.                         'lastname' => $user->getLastname(),
  453.                         'email' => $user->getEmail(),
  454.                         'phone' => $user->getPhone(),
  455.                         'authorization' => \Pimcore\Config::getWebsiteConfig()->get('rent_calculator_authorization'),
  456.                         'customerId' => $user->getId(),
  457.                         'stripeCustomerId' => $MemberStripeAccount->getStripeCustomerId(),
  458.                         'stripePromoCodes' => $promoCodes,
  459.                         'products' => $products,
  460.                         'token' => Functions::securedEncrypt($user->getId())
  461.                     ]
  462.                 ]);
  463.             } else {
  464.                 $logger->info($user->getId() . ' Utente non attivo');
  465.                 return $this->json([
  466.                     'error' => true,
  467.                     'message' => 'Utente non attivo',
  468.                     'data' => []
  469.                 ]);
  470.             }
  471.         } catch (Exception $e) {
  472.             return $this->json([
  473.                 'error' => true,
  474.                 'message' => $e->getMessage(),
  475.                 'data' => []
  476.             ]);
  477.         }
  478.     }
  479. }