From a5e3af98a45bde28e929183a929cb2573d4934b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?P=C5=91cze=20Bence?= Date: Sun, 24 Sep 2023 00:47:44 +0200 Subject: [PATCH] merge signup and google signup handling with username support --- src/Controller/LoginController.php | 215 +++++++++++++++-------------- views/login/google_signup.php | 18 +-- views/login/signup.php | 3 +- web.php | 1 - 4 files changed, 116 insertions(+), 121 deletions(-) diff --git a/src/Controller/LoginController.php b/src/Controller/LoginController.php index 566f218..a858949 100644 --- a/src/Controller/LoginController.php +++ b/src/Controller/LoginController.php @@ -2,6 +2,7 @@ use DateInterval; use DateTime; +use Faker\Factory; use SokoWeb\Http\Request; use SokoWeb\Interfaces\Response\IContent; use SokoWeb\Interfaces\Response\IRedirect; @@ -89,8 +90,13 @@ class LoginController return new HtmlContent('login/signup', $data); } - public function getSignupSuccess(): IContent + public function getSignupSuccess() { + if (\Container::$request->user() !== null) { + $this->deleteRedirectUrl(); + return new Redirect($this->redirectUrl, IRedirect::TEMPORARY); + } + return new HtmlContent('login/signup_success'); } @@ -265,131 +271,128 @@ class LoginController return new JsonContent(['redirect' => ['target' => $this->redirectUrl]]); } - $user = $this->userRepository->getByEmail(\Container::$request->post('email')); + $newUser = new User(); - if ($user !== null) { - if ($user->getActive()) { - if (!$user->checkPassword(\Container::$request->post('password'))) { - return new JsonContent([ - 'error' => [ - 'errorText' => 'There is a user already registered with the given email address, ' . - 'but the given password is wrong. You can request password reset!' - ] - ]); - } + $googleUserData = \Container::$request->session()->get('google_user_data'); + if ($googleUserData !== null) { + $user = $this->userRepository->getByEmail($googleUserData['email']); - \Container::$request->setUser($user); - - $this->deleteRedirectUrl(); - $data = ['redirect' => ['target' => $this->redirectUrl]]; - } else { - $data = [ - 'error' => [ - 'errorText' => 'There is a user already registered with the given email address. ' . - 'Please check your email and click on the activation link!' - ] - ]; - } - return new JsonContent($data); - } - - if (!empty($_ENV['RECAPTCHA_SITEKEY'])) { - if (!\Container::$request->post('g-recaptcha-response')) { - return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]); - } - - $captchaValidator = new CaptchaValidator(); - $captchaResponse = $captchaValidator->validate(\Container::$request->post('g-recaptcha-response')); - if (!$captchaResponse['success']) { - return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]); - } - } - - if (filter_var(\Container::$request->post('email'), FILTER_VALIDATE_EMAIL) === false) { - return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]); - } - - if (\Container::$request->session()->has('tmp_user_data')) { - $tmpUserData = \Container::$request->session()->get('tmp_user_data'); - - $tmpUser = new User(); - $tmpUser->setPassword($tmpUserData['password_hashed']); - - if (!$tmpUser->checkPassword(\Container::$request->post('password'))) { - return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]); - } - } else { - if (strlen(\Container::$request->post('password')) < 6) { + if ($user !== null) { return new JsonContent([ 'error' => [ - 'errorText' => 'The given password is too short. Please choose a password that is at least 6 characters long!' + 'errorText' => 'There is a user already registered with the email address of this Google account, ' . + 'but Google account is not linked to the user. Please login first to link your Google account!' ] ]); } - if (\Container::$request->post('password') !== \Container::$request->post('password_confirm')) { - return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]); + $newUser->setActive(true); + $newUser->setEmail($googleUserData['email']); + $newUser->setGoogleSub($googleUserData['sub']); + } else { + $user = $this->userRepository->getByEmailOrUsername(\Container::$request->post('email')); + + if ($user !== null) { + if ($user->getActive()) { + if (!$user->checkPassword(\Container::$request->post('password'))) { + return new JsonContent([ + 'error' => [ + 'errorText' => 'There is a user already registered with the given email address / username, ' . + 'but the given password is wrong. You can request password reset!' + ] + ]); + } + + \Container::$request->setUser($user); + + $this->deleteRedirectUrl(); + $data = ['redirect' => ['target' => $this->redirectUrl]]; + } else { + $data = [ + 'error' => [ + 'errorText' => 'There is a user already registered with the given email address / username. ' . + 'Please check your email and click on the activation link!' + ] + ]; + } + return new JsonContent($data); } + + if (!empty($_ENV['RECAPTCHA_SITEKEY'])) { + if (!\Container::$request->post('g-recaptcha-response')) { + return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]); + } + + $captchaValidator = new CaptchaValidator(); + $captchaResponse = $captchaValidator->validate(\Container::$request->post('g-recaptcha-response')); + if (!$captchaResponse['success']) { + return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]); + } + } + + if (filter_var(\Container::$request->post('email'), FILTER_VALIDATE_EMAIL) === false) { + return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]); + } + + if (\Container::$request->session()->has('tmp_user_data')) { + $tmpUserData = \Container::$request->session()->get('tmp_user_data'); + + $tmpUser = new User(); + $tmpUser->setPassword($tmpUserData['password_hashed']); + + if (!$tmpUser->checkPassword(\Container::$request->post('password'))) { + return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]); + } + } else { + if (strlen(\Container::$request->post('password')) < 6) { + return new JsonContent([ + 'error' => [ + 'errorText' => 'The given password is too short. Please choose a password that is at least 6 characters long!' + ] + ]); + } + + if (\Container::$request->post('password') !== \Container::$request->post('password_confirm')) { + return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]); + } + } + + $newUser->setActive(false); + $newUser->setEmail(\Container::$request->post('email')); + $newUser->setPlainPassword(\Container::$request->post('password')); } - $user = new User(); - $user->setEmail(\Container::$request->post('email')); - $user->setPlainPassword(\Container::$request->post('password')); - $user->setCreatedDate(new DateTime()); + if (strlen(\Container::$request->post('username')) > 0 && preg_match('/^[a-zA-Z0-9_\-\.]+$/', \Container::$request->post('username')) !== 1) { + return new JsonContent(['error' => ['errorText' => 'Username can contain only english letters, digits, - (hyphen), . (dot), _ (underscore).']]); + } - \Container::$persistentDataManager->saveToDb($user); + $newUser->setUsername(strlen(\Container::$request->post('username')) > 0 ? \Container::$request->post('username') : Factory::create()->userName); + $newUser->setCreatedDate(new DateTime()); - $token = bin2hex(random_bytes(16)); + \Container::$persistentDataManager->saveToDb($newUser); - $confirmation = new UserConfirmation(); - $confirmation->setUser($user); - $confirmation->setToken($token); - $confirmation->setLastSentDate(new DateTime()); + if ($googleUserData !== null) { + $this->sendWelcomeEmail($newUser->getEmail()); - \Container::$persistentDataManager->saveToDb($confirmation); + \Container::$request->setUser($newUser); + } else { + $token = bin2hex(random_bytes(16)); - $this->sendConfirmationEmail($user->getEmail(), $token, $user->getCreatedDate()); + $confirmation = new UserConfirmation(); + $confirmation->setUser($newUser); + $confirmation->setToken($token); + $confirmation->setLastSentDate(new DateTime()); + + \Container::$persistentDataManager->saveToDb($confirmation); + + $this->sendConfirmationEmail($newUser->getEmail(), $token, $newUser->getCreatedDate()); + } \Container::$request->session()->delete('tmp_user_data'); - - return new JsonContent(['success' => true]); - } - - public function signupWithGoogle(): IContent - { - if (\Container::$request->user() !== null) { - $this->deleteRedirectUrl(); - return new JsonContent(['success' => true]); - } - - $userData = \Container::$request->session()->get('google_user_data'); - - $user = $this->userRepository->getByEmail($userData['email']); - - if ($user === null) { - $sendWelcomeEmail = true; - - $user = new User(); - $user->setEmail($userData['email']); - $user->setCreatedDate(new DateTime()); - } else { - $sendWelcomeEmail = false; - } - - $user->setActive(true); - $user->setGoogleSub($userData['sub']); - - \Container::$persistentDataManager->saveToDb($user); - - if ($sendWelcomeEmail) { - $this->sendWelcomeEmail($user->getEmail()); - } - \Container::$request->session()->delete('google_user_data'); - \Container::$request->setUser($user); - $this->deleteRedirectUrl(); return new JsonContent(['success' => true]); } diff --git a/views/login/google_signup.php b/views/login/google_signup.php index e056e58..77a478f 100644 --- a/views/login/google_signup.php +++ b/views/login/google_signup.php @@ -5,21 +5,13 @@ @section(main)

Sign up

-
- -

Please confirm that you link your account to your Google account.

- -

Please confirm your sign up request. Your account will be linked to your Google account.

- + +

Please confirm your sign up request. Your account will be linked to your Google account.

+ +

-
diff --git a/views/login/signup.php b/views/login/signup.php index e9dcde5..76a5bfb 100644 --- a/views/login/signup.php +++ b/views/login/signup.php @@ -8,7 +8,7 @@
-

No user found with the given email address. Sign up with one click!

+

No user found with the given email address / username. Sign up with one click!

@@ -16,6 +16,7 @@ +
diff --git a/web.php b/web.php index 0dad311..c557cfc 100644 --- a/web.php +++ b/web.php @@ -38,7 +38,6 @@ Container::$routeCollection->group('signup', function (RouteCollection $routeCol $routeCollection->get('signup', '', [LoginController::class, 'getSignupForm']); $routeCollection->post('signup-action', '', [LoginController::class, 'signup']); $routeCollection->get('signup-google', 'google', [LoginController::class, 'getSignupWithGoogleForm']); - $routeCollection->post('signup-google-action', 'google', [LoginController::class, 'signupWithGoogle']); $routeCollection->post('signup.reset', 'reset', [LoginController::class, 'resetSignup']); $routeCollection->post('signup-google.reset', 'google/reset', [LoginController::class, 'resetGoogleSignup']); $routeCollection->get('signup.success', 'success', [LoginController::class, 'getSignupSuccess']);