src/Controller/Patient/Auth/AuthController.php line 47

Open in your IDE?
  1. <?php
  2. namespace App\Controller\Patient\Auth;
  4. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  5. use Symfony\Component\HttpFoundation\JsonResponse;
  6. use Symfony\Component\HttpFoundation\Request;
  7. use Symfony\Component\HttpFoundation\Response;
  8. use Symfony\Component\Routing\Annotation\Route;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use ImperiumApp\Manager\AuthManager;
  12. # AppsApi
  13. use Imperium\AppsApi\Auth\Lecture as ApiAuth;
  16. use Imperium\Config\iConfig;
  17. use Imperium\StaticUtils\Utils;
  20. use Imperium\InterfaceData\imp_health\Patients as IDataPatients;
  22. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  23. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  24. use App\Entity\User;
  25. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  26. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  27. use Symfony\Component\EventDispatcher\EventDispatcher;
  28. use Imperium\InterfaceToken\userToken;
  29. use Imperium\InterfaceToken\cookieToken;
  32. use Symfony\Component\Security\Core\User\UserInterface;
  34. class AuthController extends AbstractController
  35. {
  37.     protected $tokenStorage;
  38.     private $session;
  39.     protected $OTP;
  40.     protected $CryptSecretKey;
  42.     public function __construct(RequestStack $request,TokenStorageInterface $tokenStorage,SessionInterface $session)
  43.     {
  44.         iConfig::initConfig();
  45.         $this->tokenStorage $tokenStorage;
  46.         $this->session $session;
  47.         $this->OTP $session->get('otp')??null;
  48.         $this->CryptSecretKey iConfig::getCryptSecretKey();
  49.     }
  51.     public function getSignin()
  52.     {
  53.         
  54.         return $this->render('patient/auth/index.html.twig');
  55.     }
  56.     public function postSigninEmail(Request $request)
  57.     {
  58.         self::verify_postSigninEmail($request);
  60.         $identifiant $request->get('identifiant');
  61.         $params = [];
  62.         $params['args']['email'] = $identifiant;
  63.         $response ApiAuth::getCompteByEmail($params);
  65.         if ( $response->compte == null ) {
  66.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Email not found"],401);    
  67.         }
  68.         if( $response->compte->Ip_Comptes->Validite ==  ){ #ToDo => $response->compte->Ip_Comptes->Validite == 0
  69.             $identifiant $request->get('identifiant');
  71.             $params = [];
  72.             $params['args']['email'] = $identifiant;
  73.             $params['args']['IdCompte'] = $response->compte->Ip_Comptes->IdCompte;
  75.             $otp ApiAuth::generateOtp($params);
  76.         
  77.             $params_twig= [];
  78.             // $otp->data->otp = 1111; //#ToDo remove this line
  79.             $this->session->set('otp',$otp->data->otp);
  80.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  81.             $params_twig['IdCompte'] = Utils::CryptJWT($params['args']['IdCompte'],$this->CryptSecretKey);
  82.             $params_twig['identifiant'] = $identifiant;
  84.             return new JsonResponse(['status'=>1000,"code"=>"item_invalid","message"=>"account validated","data"=>$params_twig]);
  85.         }
  86.         $params_twig['IdCompte'] = Utils::CryptJWT($response->compte->Ip_Comptes->IdCompte,$this->CryptSecretKey);
  88.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  90.         // $rsponse = ApiAuth::getCompteByEmail()
  91.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  92.     }
  94.     public function postValidatedCompte(Request $request)
  95.     {
  96.         self::verify_postValidatedCompte($request,$this->CryptSecretKey);
  97.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  98.     }
  100.     public function postValidatedCompteAuth(Request $request)
  101.     {
  102.         
  103.         self::verify_postValidatedCompteAuth($request,$this->CryptSecretKey);
  105.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  106.         $password $request->get('password');
  107.         $identifiant $request->get('identifiant');
  108.         $params = [];
  109.         $params['username'] = $identifiant;
  110.         $params['password'] = $password;
  111.         $response ApiAuth::usersSignin($params);
  112.         if( isset($response->token) ){
  113.             if( (new IDataPatients())->first(['IdComptePatient'=>$IdCompte]) ){
  114.                 $compte ApiAuth::usersVerify(['token'=>$response->token]);
  115.                 self::loadSession($IdCompte,$identifiant,$this,$request);
  117.                 return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  120.             }else{
  121.                 throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  122.                     'account_unconfigured'=>true,
  123.                 ]],422))->send();
  124.             }
  125.         }else{
  126.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Unauthorized"],401);    
  127.         }
  129.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  130.     }
  133.     public function postCompteVerifyAuth(Request $request)
  134.     {
  135.         self::verify_postCompteVerifyAuth($request,$this->CryptSecretKey);
  137.         $password $request->get('password');
  138.         $identifiant $request->get('identifiant');
  139.         $IdCompte $request->get('IdCompte');
  141.         $params = [];
  142.         $params['username'] = $identifiant;
  143.         $params['password'] = $password;
  144.         $response ApiAuth::usersSignin($params);
  146.         if( isset($response->token) ){
  147.             $params = [];
  148.             $params['args']['email'] = $identifiant;
  149.             $params['args']['IdCompte'] = Utils::DecryptJWT($IdCompte,$this->CryptSecretKey);
  150.             $otp ApiAuth::generateOtpSante($params); //#ToDo discomment this line
  151.         //dd($otp->data->otp);
  152.             $params_twig= [];
  153.             // $otp->data->otp = 1111; //#ToDo remove this line
  154.             $this->session->set('otp',$otp->data->otp);
  155.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  156.             // $otp->data->otp = 1111; //#ToDo remove this line
  157.             // $this->session->set('otp',$otp->data->otp);
  158.             // $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  159.             $params_twig['password'] = Utils::CryptJWT($password,$this->CryptSecretKey);
  160.             $params_twig['token'] = $response->token;
  162.             return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  163.         }else{
  164.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"password invalid","message"=>"password invalid"],401);   
  165.         }
  166.         
  167.     }
  169.     public function postCompteAuth(Request $request)
  170.     {
  171.         self::verify_postCompteAuth($request,$this->CryptSecretKey);
  173.         // virify token
  175.         $token $request->get('token');
  176.         $userToken ApiAuth::usersVerify(['token'=>$token]);
  177.         if( $userToken->status == 401 ){
  178.             return new JsonResponse(['status'=>401,"code"=>"expired","title"=>"Expired","message"=>"expired token"],401);    
  179.         }
  181.         $password $request->get('password');
  182.         $identifiant $request->get('identifiant');
  183.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  184.         if( (new IDataPatients())->first(['IdComptePatient'=>$IdCompte]) ){
  185.             self::loadSession($IdCompte,$identifiant,$this,$request);
  186.         }else{
  187.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  188.                 'account_unconfigured'=>true,
  189.             ]],422))->send();
  190.         }
  193.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  194.             'redirect'=>'/patient/dashboard'
  195.         ]]);
  196.         
  197.     }
  200.     protected static function verify_postCompteAuth($request,$keyCryptage)
  201.     {
  202.         
  203.         $validators = [];
  204.         if( !$request->request->has('password') || empty($request->get('password'))){
  205.             $validators['fields'] = "Password is required";
  206.         }
  207.         if( !$request->request->has('token') || empty($request->get('token'))){
  208.             $validators['fields'] = "token is required";
  209.         }
  211.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  212.             $validators['fields'] = "identifiant is required";
  213.         }
  215.         if( !$request->request->has('otp') || empty($request->get('otp'))){
  216.             $validators['fields'] = "otp is required";
  217.         }
  218.         
  219.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  220.             $validators['codeAuthAccount1'] = "the codeOne field is mandatory .";
  221.         }
  222.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  223.             $validators['codeAuthAccount2'] = "the codeTwo field is mandatory .";
  224.         }
  225.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  226.             $validators['codeAuthAccount3'] = "the codeTree field is mandatory .";
  227.         }
  228.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  229.             $validators['codeAuthAccount4'] = "the codeFour field is mandatory .";
  230.         }
  232.         // concatenate otp code
  233.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  234.         $otp =  Utils::DecryptJWT($request->get('otp'),$keyCryptage); 
  235.         // compare otp code
  236.         if($code != $otp){
  237.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  238.         }
  242.         // check idcompte & idetifiant
  243.         $identifiant $request->get('identifiant');
  244.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  245.         $params = [];
  246.         $params['args']['email'] = $identifiant;
  247.         $response ApiAuth::getCompteByEmail($params);
  248.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  249.             $validators['fields'] = "some fields is required";
  250.         }
  253.         // check password & identifiant
  254.         $params = [];
  255.         $params['username'] = $identifiant;
  256.         $params['password'] = Utils::DecryptJWT($request->get('password'),$keyCryptage);
  257.         $response ApiAuth::usersSignin($params);
  258.         if( $response == null  ){
  259.             $validators['fields'] = "some fields is required";
  260.         }
  262.         if(count($validators)>0){
  263.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  264.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  265.         }
  266.     }
  268.     protected static function verify_postCompteVerifyAuth($request,$keyCryptage)
  269.     {
  270.         $data = [];
  271.         $data["code"] = "error";
  272.         $data["status"] = 422;
  273.         
  274.         $validators = [];
  275.         if( !$request->request->has('password') || empty($request->get('password'))){
  276.             $validators['password'] = "Password is required";
  277.         }
  278.         
  279.         // check idcompte & idetifiant
  280.         $identifiant $request->get('identifiant');
  281.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  282.         $params = [];
  283.         $params['args']['email'] = $identifiant;
  284.         $response ApiAuth::getCompteByEmail($params);
  285.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  286.             $validators['fields'] = "some fields is required";
  287.         }
  289.         if(count($validators)>0){
  290.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  291.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  292.         }
  293.     }
  296.     protected static function verify_postValidatedCompte($request,$keyCryptage)
  297.     {
  298.         $data = [];
  299.         $data["code"] = "error";
  300.         $data["status"] = 422;
  301.         
  302.         $validators = [];
  304.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  305.             $validators['codemailphone1'] = "the codeOne field is mandatory .";
  306.         }
  307.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  308.             $validators['codemailphone2'] = "the codeTwo field is mandatory .";
  309.         }
  310.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  311.             $validators['codemailphone3'] = "the codeTree field is mandatory .";
  312.         }
  313.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  314.             $validators['codemailphone4'] = "the codeFour field is mandatory .";
  315.         }
  316.         
  317.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  318.             $validators['fields'] = "some fields is requireds";
  319.         }
  320.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  321.             $validators['fields'] = "some fields is requireds";
  322.         }
  323.         
  324.         // concatenate otp code
  325.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  327.         $otp =  Utils::DecryptJWT($request->get('otp'),$keyCryptage); 
  329.         // compare otp code
  330.         if($code != $otp){
  331.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  332.         }
  334.         // check idcompte & idetifiant
  335.         $identifiant $request->get('identifiant');
  336.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  337.         $params = [];
  338.         $params['args']['email'] = $identifiant;
  339.         $response ApiAuth::getCompteByEmail($params);
  340.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  341.             $validators['fields'] = "some fields is requireds";
  342.         }
  343.         if(count($validators)>0){
  344.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  345.             throw (new JsonResponse(['code'=>'error','status'=>422,"title"=>"error","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  346.         }
  347.     }
  348.     protected static function verify_postSigninEmail($request)
  349.     {
  350.         $data = [];
  351.         $data["code"] = "error";
  352.         $data["status"] = 422;
  354.         $validators = [];
  355.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  356.             $validators['identifiant'] = "the identifiant field is mandatory";
  357.         }
  360.         if(count($validators)>0){
  361.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  362.             throw (new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422))->send();
  363.         }
  364.     }
  366.     protected static function verify_postValidatedCompteAuth($request,$keyCryptage)
  367.     {
  368.         $data = [];
  369.         $data["code"] = "error";
  370.         $data["status"] = 422;
  371.         
  372.         $validators = [];
  373.         if( !$request->request->has('password') || empty($request->get('password'))){
  374.             $validators['password'] = "some password is requireds";
  375.         }
  376.         if( !$request->request->has('confirmPassword') || empty($request->get('confirmPassword'))){
  377.             $validators['confirmPassword'] = "some confirmPassword is requireds";
  378.         }
  379.         if( $request->request->has('password')  && $request->request->has('confirmPassword')  && $request->get('password') != $request->get('confirmPassword')){
  380.             $validators['confirm'] = "Password confirmation is not valide";
  381.         }
  382.       
  383.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  384.             $validators['fields'] = "some fields is requireds";
  385.         }
  387.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  388.             $validators['fields'] = "some fields is requireds";
  389.         }
  390.         // check idcompte & idetifiant
  391.         $identifiant $request->get('identifiant');
  392.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  393.         $params = [];
  394.         $params['args']['email'] = $identifiant;
  395.         $response ApiAuth::getCompteByEmail($params);
  396.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  397.             $validators['fields'] = "some fields is requireds";
  398.         }
  400.         if(count($validators)>0){
  401.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  402.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  403.         }
  404.     }
  406.     protected static function loadSession($IdCompte,$identifiant,$current,$request)
  407.     {
  408.         $compte ApiAuth::compteDetail($IdCompte);
  409.         $current->session->set('user'$compte->data->compte );
  410.         $current->session->set('compteid'$compte->data->compte->IdCompte );
  411.         $current->session->set('user_image''logo');
  413.         $user = new User();
  414.         $user->setId($compte->data->compte->IdCompte);
  415.         $user->setUserName($compte->data->compte->X_NOM.' '.$compte->data->compte->X_PRENOM);
  416.         $user->setEmail($identifiant);
  417.         $user->setFirstName($compte->data->compte->X_PRENOM);
  418.         $user->setLastName($compte->data->compte->X_NOM);
  419.         $user->setUserImage($compte->data->compte->pic_profile);
  420.         $user->setRoles(['ROLE_ADMIN']);
  421.         //Create session for symfony
  422.         $token = new UsernamePasswordToken($usernull'main', ['ROLE_ADMIN']);
  424.         $current->tokenStorage->setToken($token);
  425.         $request->getSession()->set('_security_main'serialize($token));
  427.         $dispatcher = new EventDispatcher();
  428.         $event = new InteractiveLoginEvent($request$token);
  429.         $dispatcher->dispatch($event);
  431.         try {
  432.             //generate user token
  433.             $uToken = new userToken(null,$current->session);
  434.             $userToken $uToken->authenticate($email$password);
  435.             
  436.         } catch ( \Exception $th) {
  437.             error_log$th->getMessage() , 0);
  438.         }
  439.         try {
  440.             // must check $userToken->status == 200 before continue
  441.             //push cookie 
  442.             $cToken = new cookieToken(null,$current->session);
  443.             $cToken->user_token $userToken->token;
  444.             $cToken->set('lastName','wakrim');
  445.             $cToken->set('firstName','brahim');
  446.             $cToken->push();
  447.             
  448.         } catch ( \Exception $th) {
  449.             error_log$th->getMessage() , 0);
  450.         }
  452.         //test if request is xhr
  453.         if ($request->isXmlHttpRequest()){
  454.             return new JsonResponse(['message' => 'authenticated' 'code' => 'authenticated' 'status' => 200], 200);
  455.         }
  456.     }
  457.     
  458. }