src/Controller/Doctor/Auth/AuthController.php line 48

Open in your IDE?
  1. <?php
  2. namespace App\Controller\Doctor\Auth;
  4. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  5. use Symfony\Component\HttpFoundation\JsonResponse;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\Routing\Annotation\Route;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use ImperiumApp\Manager\AuthManager;
  12. # AppsApi
  13. use Imperium\AppsApi\Auth\Lecture as ApiAuth;
  16. use Imperium\Config\iConfig;
  17. use Imperium\StaticUtils\Utils;
  18. use Ramsey\Uuid\Uuid;
  21. use Imperium\InterfaceData\imp_health\Doctors as IDataDoctors;
  23. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  24. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  25. use App\Entity\User;
  26. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  27. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  28. use Symfony\Component\EventDispatcher\EventDispatcher;
  29. use Imperium\InterfaceToken\userToken;
  30. use Imperium\InterfaceToken\cookieToken;
  33. use Symfony\Component\Security\Core\User\UserInterface;
  35. class AuthController extends AbstractController
  36. {
  38.     protected $tokenStorage;
  39.     protected $OTP;
  40.     protected $CryptSecretKey;
  41.     private $session;
  43.     public function __construct(RequestStack $request,TokenStorageInterface $tokenStorage,SessionInterface $session)
  44.     {
  45.         iConfig::initConfig();
  46.         $this->tokenStorage $tokenStorage;
  47.         $this->session $session;
  48.         $this->OTP $session->get('otp')??null;
  49.         $this->CryptSecretKey iConfig::getCryptSecretKey();
  51.     }
  53.     public function getSignin()
  54.     {
  55.         return $this->render('doctor/auth/index.html.twig');
  56.     }
  57.     public function postSigninEmail(Request $request)
  58.     {
  59.         self::verify_postSigninEmail($request);
  61.         $identifiant $request->get('identifiant');
  62.         $params = [];
  63.         $params['args']['email'] = $identifiant;
  64.         $response ApiAuth::getCompteByEmail($params);
  66.         if ( $response->compte == null ) {
  67.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Email not found"],401);    
  68.         }
  69.         if( $response->compte->Ip_Comptes->Validite ==  ){ //#ToDo  $response->compte->Ip_Comptes->Validite == 0
  70.             $identifiant $request->get('identifiant');
  72.             $params = [];
  73.             $params['args']['email'] = $identifiant;
  74.             $params['args']['IdCompte'] = $response->compte->Ip_Comptes->IdCompte;
  75.             $otp ApiAuth::generateOtp($params);
  76.             // $otp = new \stdClass();
  77.             // $otp->data = new \stdClass();
  78.             $params_twig= [];
  79.             // $otp->data->otp = 1111; //#ToDo remove this line
  80.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  81.             $params_twig['IdCompte'] = Utils::CryptJWT($params['args']['IdCompte'],$this->CryptSecretKey);
  82.             $params_twig['identifiant'] = $identifiant;
  83.             return new JsonResponse(['status'=>1000,"code"=>"item_invalid","message"=>"account validated","data"=>$params_twig]);
  84.         }
  85.         
  86.         $params_twig['IdCompte'] = Utils::CryptJWT($response->compte->Ip_Comptes->IdCompte,$this->CryptSecretKey);
  88.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  90.         // $rsponse = ApiAuth::getCompteByEmail()
  91.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  92.     }
  94.     public function postValidatedCompte(Request $request)
  95.     {
  96.         self::verify_postValidatedCompte($request,$this->CryptSecretKey);
  97.         $otp =  Utils::DecryptJWT($request->get('otp'),$this->CryptSecretKey); 
  98.         $this->session->set('otp',$otp);
  100.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  101.     }
  103.     public function postValidatedCompteAuth(Request $request)
  104.     {
  105.         
  106.         self::verify_postValidatedCompteAuth($request,$this->CryptSecretKey);
  107.         
  108.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  110.         $password $request->get('password');
  111.         $identifiant $request->get('identifiant');
  112.         $params = [];
  113.         $params['username'] = $identifiant;
  114.         $params['password'] = $password;
  115.         $response ApiAuth::usersSignin($params);
  116.         if( isset($response->token) ){
  117.             if( (new IDataDoctors())->first(['IdCompte'=>$IdCompte]) ){
  118.                 $compte ApiAuth::usersVerify(['token'=>$response->token]);
  119.                 self::loadSession($IdCompte,$identifiant,$this,$request);
  121.                 $IdOrganization Utils::CryptJWT(1,$this->OTP);
  122.                 return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  123.                     'redirect'=>$this->generateUrl('doctorDashboard',['IdOrganization'=>$IdOrganization])
  124.                 ]]);
  127.             }else{
  128.                 throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  129.                     'account_unconfigured'=>true,
  130.                 ]],422))->send();
  131.             }
  132.         }else{
  133.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Unauthorized"],401);    
  134.         }
  136.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  137.     }
  140.     public function postCompteVerifyAuth(Request $request)
  141.     {
  142.         self::verify_postCompteVerifyAuth($request,$this->CryptSecretKey);
  144.         $password $request->get('password');
  145.         $identifiant $request->get('identifiant');
  146.         $IdCompte $request->get('IdCompte');
  148.         $params = [];
  149.         $params['username'] = $identifiant;
  150.         $params['password'] = $password;
  151.         $response ApiAuth::usersSignin($params);
  153.         if( isset($response->token) ){
  154.             $params = [];
  155.             $params['args']['email'] = $identifiant;
  156.             $params['args']['IdCompte'] = Utils::DecryptJWT($IdCompte,$this->CryptSecretKey);
  157.             $otp ApiAuth::generateOtpSante($params);
  158.             // $otp = new \stdClass();
  159.             // $otp->data = new \stdClass();
  160.             $params_twig= [];
  161.             // $otp->data->otp = 1111; //#ToDo remove this line
  162.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  163.             $params_twig['password'] = Utils::CryptJWT($password,$this->CryptSecretKey);
  164.             $params_twig['token'] = $response->token;
  166.             return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  167.         }else{
  168.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"password invalid","message"=>"password invalid"],401);   
  169.         }
  170.         
  171.     }
  173.     public function postCompteAuth(Request $request)
  174.     {
  175.         self::verify_postCompteAuth($request,$this->CryptSecretKey);
  176.         $otp =  Utils::DecryptJWT($request->get('otp'),$this->CryptSecretKey); 
  177.         $this->session->set('otp',$otp);
  178.         // virify token
  180.         $token $request->get('token');
  181.         $userToken ApiAuth::usersVerify(['token'=>$token]);
  182.         if( $userToken->status == 401 ){
  183.             return new JsonResponse(['status'=>401,"code"=>"expired","title"=>"Expired","message"=>"expired token"],401);    
  184.         }
  186.         $password $request->get('password');
  187.         $identifiant $request->get('identifiant');
  188.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  189.         if( (new IDataDoctors())->first(['IdCompte'=>$IdCompte]) ){
  190.             self::loadSession($IdCompte,$identifiant,$this,$request);
  191.         }else{
  192.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  193.                 'account_unconfigured'=>true,
  194.             ]],422))->send();
  195.         }
  197.         $IdOrganization Utils::CryptJWT(1,$otp);
  198.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  199.             'redirect'=>$this->generateUrl('doctorDashboard',['IdOrganization'=>$IdOrganization])
  200.         ]]);
  201.         
  202.     }
  205.     protected static function verify_postCompteAuth($request,$cryptageKey)
  206.     {
  207.         
  208.         $validators = [];
  209.         if( !$request->request->has('password') || empty($request->get('password'))){
  210.             $validators['fields'] = "Password is required";
  211.         }
  212.         if( !$request->request->has('token') || empty($request->get('token'))){
  213.             $validators['fields'] = "token is required";
  214.         }
  216.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  217.             $validators['fields'] = "identifiant is required";
  218.         }
  220.         if( !$request->request->has('otp') || empty($request->get('otp'))){
  221.             $validators['fields'] = "otp is required";
  222.         }
  223.         
  224.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  225.             $validators['codeAuthAccount1'] = "the codeOne field is mandatory .";
  226.         }
  227.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  228.             $validators['codeAuthAccount2'] = "the codeTwo field is mandatory .";
  229.         }
  230.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  231.             $validators['codeAuthAccount3'] = "the codeTree field is mandatory .";
  232.         }
  233.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  234.             $validators['codeAuthAccount4'] = "the codeFour field is mandatory .";
  235.         }
  237.         // concatenate otp code
  238.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  239.         $otp =  Utils::DecryptJWT($request->get('otp'),$cryptageKey); 
  240.         // compare otp code
  241.         if($code != $otp){
  242.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  243.         }
  248.         // check idcompte & idetifiant
  249.         $identifiant $request->get('identifiant');
  250.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  251.         $params = [];
  252.         $params['args']['email'] = $identifiant;
  253.         $response ApiAuth::getCompteByEmail($params);
  254.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  255.             $validators['fields'] = "some fields is required";
  256.         }
  259.         // check password & identifiant
  260.         $params = [];
  261.         $params['username'] = $identifiant;
  262.         $params['password'] = Utils::DecryptJWT($request->get('password'),$cryptageKey);
  263.         $response ApiAuth::usersSignin($params);
  264.         if( $response == null  ){
  265.             $validators['fields'] = "some fields is required";
  266.         }
  268.         if(count($validators)>0){
  269.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  270.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  271.         }
  272.     }
  274.     protected static function verify_postCompteVerifyAuth($request,$cryptageKey)
  275.     {
  276.         $data = [];
  277.         $data["code"] = "error";
  278.         $data["status"] = 422;
  279.         
  280.         $validators = [];
  281.         if( !$request->request->has('password') || empty($request->get('password'))){
  282.             $validators['password'] = "Password is required";
  283.         }
  284.         
  285.         // check idcompte & idetifiant
  286.         $identifiant $request->get('identifiant');
  287.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  288.         $params = [];
  289.         $params['args']['email'] = $identifiant;
  290.         $response ApiAuth::getCompteByEmail($params);
  291.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  292.             $validators['fields'] = "some fields is required";
  293.         }
  295.         if(count($validators)>0){
  296.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  297.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  298.         }
  299.     }
  302.     protected static function verify_postValidatedCompte($request,$cryptageKey)
  303.     {
  304.         $data = [];
  305.         $data["code"] = "error";
  306.         $data["status"] = 422;
  307.         
  308.         $validators = [];
  310.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  311.             $validators['codemailphone1'] = "the codeOne field is mandatory .";
  312.         }
  313.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  314.             $validators['codemailphone2'] = "the codeTwo field is mandatory .";
  315.         }
  316.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  317.             $validators['codemailphone3'] = "the codeTree field is mandatory .";
  318.         }
  319.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  320.             $validators['codemailphone4'] = "the codeFour field is mandatory .";
  321.         }
  322.         
  323.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  324.             $validators['fields'] = "some fields is requireds";
  325.         }
  326.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  327.             $validators['fields'] = "some fields is requireds";
  328.         }
  329.         
  330.         // concatenate otp code
  331.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  333.         $otp =  Utils::DecryptJWT($request->get('otp'),$cryptageKey); 
  335.         // compare otp code
  336.         if($code != $otp){
  337.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  338.         }
  340.         // check idcompte & idetifiant
  341.         $identifiant $request->get('identifiant');
  342.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  343.         $params = [];
  344.         $params['args']['email'] = $identifiant;
  345.         $response ApiAuth::getCompteByEmail($params);
  346.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  347.             $validators['fields'] = "some fields is requireds";
  348.         }
  349.         if(count($validators)>0){
  350.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  351.             throw (new JsonResponse(['code'=>'error','status'=>422,"title"=>"error","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  352.         }
  353.     }
  354.     protected static function verify_postSigninEmail($request)
  355.     {
  356.         $data = [];
  357.         $data["code"] = "error";
  358.         $data["status"] = 422;
  360.         $validators = [];
  361.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  362.             $validators['identifiant'] = "the identifiant field is mandatory";
  363.         }
  366.         if(count($validators)>0){
  367.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  368.             throw (new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422))->send();
  369.         }
  370.     }
  372.     protected static function verify_postValidatedCompteAuth($request,$cryptageKey)
  373.     {
  374.         $data = [];
  375.         $data["code"] = "error";
  376.         $data["status"] = 422;
  377.         
  378.         $validators = [];
  379.         if( !$request->request->has('password') || empty($request->get('password'))){
  380.             $validators['password'] = "some password is requireds";
  381.         }
  382.         if( !$request->request->has('confirmPassword') || empty($request->get('confirmPassword'))){
  383.             $validators['confirmPassword'] = "some confirmPassword is requireds";
  384.         }
  385.         if( $request->request->has('password')  && $request->request->has('confirmPassword')  && $request->get('password') != $request->get('confirmPassword')){
  386.             $validators['confirm'] = "Password confirmation is not valide";
  387.         }
  388.       
  389.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  390.             $validators['fields'] = "some fields is requireds";
  391.         }
  393.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  394.             $validators['fields'] = "some fields is requireds";
  395.         }
  396.         // check idcompte & idetifiant
  397.         $identifiant $request->get('identifiant');
  398.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  399.         $params = [];
  400.         $params['args']['email'] = $identifiant;
  401.         $response ApiAuth::getCompteByEmail($params);
  402.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  403.             $validators['fields'] = "some fields is requireds";
  404.         }
  406.         if(count($validators)>0){
  407.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  408.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  409.         }
  410.     }
  412.     protected static function loadSession($IdCompte,$identifiant,$current,$request)
  413.     {
  414.         $compte ApiAuth::compteDetail($IdCompte);
  415.         $current->session->set('user'$compte->data->compte );
  416.         $current->session->set('compteid'$compte->data->compte->IdCompte );
  417.         $current->session->set('user_image''logo');
  419.         $user = new User();
  420.         $user->setId($compte->data->compte->IdCompte);
  421.         $user->setUserName($compte->data->compte->X_NOM.' '.$compte->data->compte->X_PRENOM);
  422.         $user->setEmail($identifiant);
  423.         $user->setFirstName($compte->data->compte->X_PRENOM);
  424.         $user->setLastName($compte->data->compte->X_NOM);
  425.         $user->setUserImage($compte->data->compte->pic_profile);
  426.         $user->setRoles(['ROLE_ADMIN']);
  427.         //Create session for symfony
  428.         $token = new UsernamePasswordToken($usernull'main', ['ROLE_ADMIN']);
  430.         $current->tokenStorage->setToken($token);
  431.         $request->getSession()->set('_security_main'serialize($token));
  433.         $dispatcher = new EventDispatcher();
  434.         $event = new InteractiveLoginEvent($request$token);
  435.         $dispatcher->dispatch($event);
  437.         try {
  438.             //generate user token
  439.             $uToken = new userToken(null,$current->session);
  440.             $userToken $uToken->authenticate($email$password);
  441.             
  442.         } catch ( \Exception $th) {
  443.             error_log$th->getMessage() , 0);
  444.         }
  445.         try {
  446.             // must check $userToken->status == 200 before continue
  447.             //push cookie 
  448.             $cToken = new cookieToken(null,$current->session);
  449.             $cToken->user_token $userToken->token;
  450.             $cToken->set('lastName','wakrim');
  451.             $cToken->set('firstName','brahim');
  452.             $cToken->push();
  453.             
  454.         } catch ( \Exception $th) {
  455.             error_log$th->getMessage() , 0);
  456.         }
  458.         //test if request is xhr
  459.         if ($request->isXmlHttpRequest()){
  460.             return new JsonResponse(['message' => 'authenticated' 'code' => 'authenticated' 'status' => 200], 200);
  461.         }
  462.     }
  463. }