src/Controller/Doctor/Auth/AuthController.php line 55

Open in your IDE?
  1. <?php
  2. namespace App\Controller\Doctor\Auth;
  3. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  4. use Symfony\Component\HttpFoundation\JsonResponse;
  5. use Symfony\Component\HttpFoundation\Request;
  6. use Symfony\Component\HttpFoundation\Response;
  7. use Symfony\Component\Routing\Annotation\Route;
  8. use Symfony\Component\HttpFoundation\RequestStack;
  9. use ImperiumApp\Manager\AuthManager;
  10. # AppsApi
  11. use Imperium\AppsApi\Auth\Lecture as ApiAuth;
  12. use Imperium\Config\iConfig;
  13. use Imperium\StaticUtils\Utils;
  14. use Ramsey\Uuid\Uuid;
  15. use Imperium\InterfaceData\imp_health\Doctors as IDataDoctors;
  16. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  17. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  18. use App\Entity\User;
  19. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  20. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  21. use Symfony\Component\EventDispatcher\EventDispatcher;
  22. use Imperium\InterfaceToken\userToken;
  23. use Imperium\InterfaceToken\cookieToken;
  24. use Symfony\Component\Security\Core\User\UserInterface;
  25. class AuthController extends AbstractController
  26. {
  27.     protected $tokenStorage;
  28.     protected $OTP;
  29.     protected $CryptSecretKey;
  30.     private $session;
  31.     public function __construct(RequestStack $request,TokenStorageInterface $tokenStorage,SessionInterface $session)
  32.     {
  33.         iConfig::initConfig();
  34.         $this->tokenStorage $tokenStorage;
  35.         $this->session $session;
  36.         $this->OTP $session->get('otp')??null;
  37.         $this->CryptSecretKey iConfig::getCryptSecretKey();
  38.     }
  39.     public function getSignin()
  40.     {
  41.         return $this->render('doctor/auth/index.html.twig');
  42.     }
  43.     public function postSigninEmail(Request $request)
  44.     {
  45.         self::verify_postSigninEmail($request);
  46.         $identifiant $request->get('identifiant');
  47.         $params = [];
  48.         $params['args']['email'] = $identifiant;
  49.         $response ApiAuth::getCompteByEmail($params);
  50.         if ( $response->compte == null ) {
  51.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Email not found"],401);    
  52.         }
  53.         if( $response->compte->Ip_Comptes->Validite ==  ){ //#ToDo  $response->compte->Ip_Comptes->Validite == 0
  54.             $identifiant $request->get('identifiant');
  55.             $params = [];
  56.             $params['args']['email'] = $identifiant;
  57.             $params['args']['IdCompte'] = $response->compte->Ip_Comptes->IdCompte;
  58.             $otp ApiAuth::generateOtp($params);
  59.             // $otp = new \stdClass();
  60.             // $otp->data = new \stdClass();
  61.             $params_twig= [];
  62.             // $otp->data->otp = 1111; //#ToDo remove this line
  63.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  64.             $params_twig['IdCompte'] = Utils::CryptJWT($params['args']['IdCompte'],$this->CryptSecretKey);
  65.             $params_twig['identifiant'] = $identifiant;
  66.             return new JsonResponse(['status'=>1000,"code"=>"item_invalid","message"=>"account validated","data"=>$params_twig]);
  67.         }
  68.         
  69.         $params_twig['IdCompte'] = Utils::CryptJWT($response->compte->Ip_Comptes->IdCompte,$this->CryptSecretKey);
  70.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  71.         // $rsponse = ApiAuth::getCompteByEmail()
  72.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  73.     }
  74.     public function postValidatedCompte(Request $request)
  75.     {
  76.         self::verify_postValidatedCompte($request,$this->CryptSecretKey);
  77.         $otp =  Utils::DecryptJWT($request->get('otp'),$this->CryptSecretKey); 
  78.         $this->session->set('otp',$otp);
  79.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  80.     }
  81.     public function postValidatedCompteAuth(Request $request)
  82.     {
  83.         
  84.         self::verify_postValidatedCompteAuth($request,$this->CryptSecretKey);
  85.         
  86.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  87.         $password $request->get('password');
  88.         $identifiant $request->get('identifiant');
  89.         $params = [];
  90.         $params['username'] = $identifiant;
  91.         $params['password'] = $password;
  92.         $response ApiAuth::usersSignin($params);
  93.         if( isset($response->token) ){
  94.             if( (new IDataDoctors())->first(['IdCompte'=>$IdCompte]) ){
  95.                 $compte ApiAuth::usersVerify(['token'=>$response->token]);
  96.                 self::loadSession($IdCompte,$identifiant,$this,$request);
  97.                 $IdOrganization Utils::CryptJWT(1,$this->OTP);
  98.                 return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  99.                     'redirect'=>$this->generateUrl('doctorDashboard',['IdOrganization'=>$IdOrganization])
  100.                 ]]);
  101.             }else{
  102.                 throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  103.                     'account_unconfigured'=>true,
  104.                 ]],422))->send();
  105.             }
  106.         }else{
  107.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Unauthorized"],401);    
  108.         }
  109.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  110.     }
  111.     public function postCompteVerifyAuth(Request $request)
  112.     {
  113.         self::verify_postCompteVerifyAuth($request,$this->CryptSecretKey);
  114.         $password $request->get('password');
  115.         $identifiant $request->get('identifiant');
  116.         $IdCompte $request->get('IdCompte');
  117.         $params = [];
  118.         $params['username'] = $identifiant;
  119.         $params['password'] = $password;
  120.         $response ApiAuth::usersSignin($params);
  121.         if( isset($response->token) ){
  122.             $params = [];
  123.             $params['args']['email'] = $identifiant;
  124.             $params['args']['IdCompte'] = Utils::DecryptJWT($IdCompte,$this->CryptSecretKey);
  125.             $otp ApiAuth::generateOtpSante($params);
  126.             // $otp = new \stdClass();
  127.             // $otp->data = new \stdClass();
  128.             $params_twig= [];
  129.             // $otp->data->otp = 1111; //#ToDo remove this line
  130.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  131.             $params_twig['password'] = Utils::CryptJWT($password,$this->CryptSecretKey);
  132.             $params_twig['token'] = $response->token;
  133.             return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  134.         }else{
  135.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"password invalid","message"=>"password invalid"],401);   
  136.         }
  137.         
  138.     }
  139.     public function postCompteAuth(Request $request)
  140.     {
  141.         self::verify_postCompteAuth($request,$this->CryptSecretKey);
  142.         $otp =  Utils::DecryptJWT($request->get('otp'),$this->CryptSecretKey); 
  143.         $this->session->set('otp',$otp);
  144.         // virify token
  145.         $token $request->get('token');
  146.         $userToken ApiAuth::usersVerify(['token'=>$token]);
  147.         if( $userToken->status == 401 ){
  148.             return new JsonResponse(['status'=>401,"code"=>"expired","title"=>"Expired","message"=>"expired token"],401);    
  149.         }
  150.         $password $request->get('password');
  151.         $identifiant $request->get('identifiant');
  152.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  153.         if( (new IDataDoctors())->first(['IdCompte'=>$IdCompte]) ){
  154.             self::loadSession($IdCompte,$identifiant,$this,$request);
  155.         }else{
  156.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  157.                 'account_unconfigured'=>true,
  158.             ]],422))->send();
  159.         }
  160.         $IdOrganization Utils::CryptJWT(1,$otp);
  161.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  162.             'redirect'=>$this->generateUrl('doctorDashboard',['IdOrganization'=>$IdOrganization])
  163.         ]]);
  164.         
  165.     }
  166.     protected static function verify_postCompteAuth($request,$cryptageKey)
  167.     {
  168.         
  169.         $validators = [];
  170.         if( !$request->request->has('password') || empty($request->get('password'))){
  171.             $validators['fields'] = "Password is required";
  172.         }
  173.         if( !$request->request->has('token') || empty($request->get('token'))){
  174.             $validators['fields'] = "token is required";
  175.         }
  176.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  177.             $validators['fields'] = "identifiant is required";
  178.         }
  179.         if( !$request->request->has('otp') || empty($request->get('otp'))){
  180.             $validators['fields'] = "otp is required";
  181.         }
  182.         
  183.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  184.             $validators['codeAuthAccount1'] = "the codeOne field is mandatory .";
  185.         }
  186.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  187.             $validators['codeAuthAccount2'] = "the codeTwo field is mandatory .";
  188.         }
  189.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  190.             $validators['codeAuthAccount3'] = "the codeTree field is mandatory .";
  191.         }
  192.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  193.             $validators['codeAuthAccount4'] = "the codeFour field is mandatory .";
  194.         }
  195.         // concatenate otp code
  196.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  197.         $otp =  Utils::DecryptJWT($request->get('otp'),$cryptageKey); 
  198.         // compare otp code
  199.         if($code != $otp){
  200.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  201.         }
  202.         // check idcompte & idetifiant
  203.         $identifiant $request->get('identifiant');
  204.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  205.         $params = [];
  206.         $params['args']['email'] = $identifiant;
  207.         $response ApiAuth::getCompteByEmail($params);
  208.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  209.             $validators['fields'] = "some fields is required";
  210.         }
  211.         // check password & identifiant
  212.         $params = [];
  213.         $params['username'] = $identifiant;
  214.         $params['password'] = Utils::DecryptJWT($request->get('password'),$cryptageKey);
  215.         $response ApiAuth::usersSignin($params);
  216.         if( $response == null  ){
  217.             $validators['fields'] = "some fields is required";
  218.         }
  219.         if(count($validators)>0){
  220.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  221.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  222.         }
  223.     }
  224.     protected static function verify_postCompteVerifyAuth($request,$cryptageKey)
  225.     {
  226.         $data = [];
  227.         $data["code"] = "error";
  228.         $data["status"] = 422;
  229.         
  230.         $validators = [];
  231.         if( !$request->request->has('password') || empty($request->get('password'))){
  232.             $validators['password'] = "Password is required";
  233.         }
  234.         
  235.         // check idcompte & idetifiant
  236.         $identifiant $request->get('identifiant');
  237.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  238.         $params = [];
  239.         $params['args']['email'] = $identifiant;
  240.         $response ApiAuth::getCompteByEmail($params);
  241.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  242.             $validators['fields'] = "some fields is required";
  243.         }
  244.         if(count($validators)>0){
  245.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  246.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  247.         }
  248.     }
  249.     protected static function verify_postValidatedCompte($request,$cryptageKey)
  250.     {
  251.         $data = [];
  252.         $data["code"] = "error";
  253.         $data["status"] = 422;
  254.         
  255.         $validators = [];
  256.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  257.             $validators['codemailphone1'] = "the codeOne field is mandatory .";
  258.         }
  259.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  260.             $validators['codemailphone2'] = "the codeTwo field is mandatory .";
  261.         }
  262.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  263.             $validators['codemailphone3'] = "the codeTree field is mandatory .";
  264.         }
  265.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  266.             $validators['codemailphone4'] = "the codeFour field is mandatory .";
  267.         }
  268.         
  269.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  270.             $validators['fields'] = "some fields is requireds";
  271.         }
  272.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  273.             $validators['fields'] = "some fields is requireds";
  274.         }
  275.         
  276.         // concatenate otp code
  277.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  278.         $otp =  Utils::DecryptJWT($request->get('otp'),$cryptageKey); 
  279.         // compare otp code
  280.         if($code != $otp){
  281.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  282.         }
  283.         // check idcompte & idetifiant
  284.         $identifiant $request->get('identifiant');
  285.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  286.         $params = [];
  287.         $params['args']['email'] = $identifiant;
  288.         $response ApiAuth::getCompteByEmail($params);
  289.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  290.             $validators['fields'] = "some fields is requireds";
  291.         }
  292.         if(count($validators)>0){
  293.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  294.             throw (new JsonResponse(['code'=>'error','status'=>422,"title"=>"error","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  295.         }
  296.     }
  297.     protected static function verify_postSigninEmail($request)
  298.     {
  299.         $data = [];
  300.         $data["code"] = "error";
  301.         $data["status"] = 422;
  302.         $validators = [];
  303.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  304.             $validators['identifiant'] = "the identifiant field is mandatory";
  305.         }
  306.         if(count($validators)>0){
  307.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  308.             throw (new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422))->send();
  309.         }
  310.     }
  311.     protected static function verify_postValidatedCompteAuth($request,$cryptageKey)
  312.     {
  313.         $data = [];
  314.         $data["code"] = "error";
  315.         $data["status"] = 422;
  316.         
  317.         $validators = [];
  318.         if( !$request->request->has('password') || empty($request->get('password'))){
  319.             $validators['password'] = "some password is requireds";
  320.         }
  321.         if( !$request->request->has('confirmPassword') || empty($request->get('confirmPassword'))){
  322.             $validators['confirmPassword'] = "some confirmPassword is requireds";
  323.         }
  324.         if( $request->request->has('password')  && $request->request->has('confirmPassword')  && $request->get('password') != $request->get('confirmPassword')){
  325.             $validators['confirm'] = "Password confirmation is not valide";
  326.         }
  327.       
  328.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  329.             $validators['fields'] = "some fields is requireds";
  330.         }
  331.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  332.             $validators['fields'] = "some fields is requireds";
  333.         }
  334.         // check idcompte & idetifiant
  335.         $identifiant $request->get('identifiant');
  336.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$cryptageKey);
  337.         $params = [];
  338.         $params['args']['email'] = $identifiant;
  339.         $response ApiAuth::getCompteByEmail($params);
  340.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  341.             $validators['fields'] = "some fields is requireds";
  342.         }
  343.         if(count($validators)>0){
  344.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  345.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  346.         }
  347.     }
  348.     protected static function loadSession($IdCompte,$identifiant,$current,$request)
  349.     {
  350.         $compte ApiAuth::compteDetail($IdCompte);
  351.         $current->session->set('user'$compte->data->compte );
  352.         $current->session->set('compteid'$compte->data->compte->IdCompte );
  353.         $current->session->set('user_image''logo');
  354.         $user = new User();
  355.         $user->setId($compte->data->compte->IdCompte);
  356.         $user->setUserName($compte->data->compte->X_NOM.' '.$compte->data->compte->X_PRENOM);
  357.         $user->setEmail($identifiant);
  358.         $user->setFirstName($compte->data->compte->X_PRENOM);
  359.         $user->setLastName($compte->data->compte->X_NOM);
  360.         $user->setUserImage($compte->data->compte->pic_profile);
  361.         $user->setRoles(['ROLE_ADMIN']);
  362.         //Create session for symfony
  363.         $token = new UsernamePasswordToken($usernull'main', ['ROLE_ADMIN']);
  364.         $current->tokenStorage->setToken($token);
  365.         $request->getSession()->set('_security_main'serialize($token));
  366.         $dispatcher = new EventDispatcher();
  367.         $event = new InteractiveLoginEvent($request$token);
  368.         $dispatcher->dispatch($event);
  369.         try {
  370.             //generate user token
  371.             $uToken = new userToken(null,$current->session);
  372.             $userToken $uToken->authenticate($email$password);
  373.             
  374.         } catch ( \Exception $th) {
  375.             error_log$th->getMessage() , 0);
  376.         }
  377.         try {
  378.             // must check $userToken->status == 200 before continue
  379.             //push cookie 
  380.             $cToken = new cookieToken(null,$current->session);
  381.             $cToken->user_token $userToken->token;
  382.             $cToken->set('lastName','wakrim');
  383.             $cToken->set('firstName','brahim');
  384.             $cToken->push();
  385.             
  386.         } catch ( \Exception $th) {
  387.             error_log$th->getMessage() , 0);
  388.         }
  389.         //test if request is xhr
  390.         if ($request->isXmlHttpRequest()){
  391.             return new JsonResponse(['message' => 'authenticated' 'code' => 'authenticated' 'status' => 200], 200);
  392.         }
  393.     }
  394. }