src/Controller/Patient/Auth/AuthController.php line 54

Open in your IDE?
  1. <?php
  2. namespace App\Controller\Patient\Auth;
  3. use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
  4. use Symfony\Component\HttpFoundation\JsonResponse;
  5. use Symfony\Component\HttpFoundation\Request;
  6. use Symfony\Component\HttpFoundation\Response;
  7. use Symfony\Component\Routing\Annotation\Route;
  8. use Symfony\Component\HttpFoundation\RequestStack;
  9. use ImperiumApp\Manager\AuthManager;
  10. # AppsApi
  11. use Imperium\AppsApi\Auth\Lecture as ApiAuth;
  12. use Imperium\Config\iConfig;
  13. use Imperium\StaticUtils\Utils;
  14. use Imperium\InterfaceData\imp_health\Patients as IDataPatients;
  15. use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
  16. use Symfony\Component\HttpFoundation\Session\SessionInterface;
  17. use App\Entity\User;
  18. use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  19. use Symfony\Component\Security\Http\Event\InteractiveLoginEvent;
  20. use Symfony\Component\EventDispatcher\EventDispatcher;
  21. use Imperium\InterfaceToken\userToken;
  22. use Imperium\InterfaceToken\cookieToken;
  23. use Symfony\Component\Security\Core\User\UserInterface;
  24. class AuthController extends AbstractController
  25. {
  26.     protected $tokenStorage;
  27.     private $session;
  28.     protected $OTP;
  29.     protected $CryptSecretKey;
  30.     public function __construct(RequestStack $request,TokenStorageInterface $tokenStorage,SessionInterface $session)
  31.     {
  32.         iConfig::initConfig();
  33.         $this->tokenStorage $tokenStorage;
  34.         $this->session $session;
  35.         $this->OTP $session->get('otp')??null;
  36.         $this->CryptSecretKey iConfig::getCryptSecretKey();
  37.     }
  38.     public function getSignin()
  39.     {
  40.         
  41.         return $this->render('patient/auth/index.html.twig');
  42.     }
  43.     public function postSigninEmail(Request $request)
  44.     {
  45.         self::verify_postSigninEmail($request);
  46.         $identifiant $request->get('identifiant');
  47.         $params = [];
  48.         $params['args']['email'] = $identifiant;
  49.         $response ApiAuth::getCompteByEmail($params);
  50.         if ( $response->compte == null ) {
  51.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Email not found"],401);    
  52.         }
  53.         if( $response->compte->Ip_Comptes->Validite ==  ){ #ToDo => $response->compte->Ip_Comptes->Validite == 0
  54.             $identifiant $request->get('identifiant');
  55.             $params = [];
  56.             $params['args']['email'] = $identifiant;
  57.             $params['args']['IdCompte'] = $response->compte->Ip_Comptes->IdCompte;
  58.             $otp ApiAuth::generateOtp($params);
  59.         
  60.             $params_twig= [];
  61.             // $otp->data->otp = 1111; //#ToDo remove this line
  62.             $this->session->set('otp',$otp->data->otp);
  63.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  64.             $params_twig['IdCompte'] = Utils::CryptJWT($params['args']['IdCompte'],$this->CryptSecretKey);
  65.             $params_twig['identifiant'] = $identifiant;
  66.             return new JsonResponse(['status'=>1000,"code"=>"item_invalid","message"=>"account validated","data"=>$params_twig]);
  67.         }
  68.         $params_twig['IdCompte'] = Utils::CryptJWT($response->compte->Ip_Comptes->IdCompte,$this->CryptSecretKey);
  69.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  70.         // $rsponse = ApiAuth::getCompteByEmail()
  71.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  72.     }
  73.     public function postValidatedCompte(Request $request)
  74.     {
  75.         self::verify_postValidatedCompte($request,$this->CryptSecretKey);
  76.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  77.     }
  78.     public function postValidatedCompteAuth(Request $request)
  79.     {
  80.         
  81.         self::verify_postValidatedCompteAuth($request,$this->CryptSecretKey);
  82.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  83.         $password $request->get('password');
  84.         $identifiant $request->get('identifiant');
  85.         $params = [];
  86.         $params['username'] = $identifiant;
  87.         $params['password'] = $password;
  88.         $response ApiAuth::usersSignin($params);
  89.         if( isset($response->token) ){
  90.             if( (new IDataPatients())->first(['IdComptePatient'=>$IdCompte]) ){
  91.                 $compte ApiAuth::usersVerify(['token'=>$response->token]);
  92.                 self::loadSession($IdCompte,$identifiant,$this,$request);
  93.                 return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  94.             }else{
  95.                 throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  96.                     'account_unconfigured'=>true,
  97.                 ]],422))->send();
  98.             }
  99.         }else{
  100.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"Unauthorized","message"=>"Unauthorized"],401);    
  101.         }
  102.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success"]);
  103.     }
  104.     public function postCompteVerifyAuth(Request $request)
  105.     {
  106.         self::verify_postCompteVerifyAuth($request,$this->CryptSecretKey);
  107.         $password $request->get('password');
  108.         $identifiant $request->get('identifiant');
  109.         $IdCompte $request->get('IdCompte');
  110.         $params = [];
  111.         $params['username'] = $identifiant;
  112.         $params['password'] = $password;
  113.         $response ApiAuth::usersSignin($params);
  114.         if( isset($response->token) ){
  115.             $params = [];
  116.             $params['args']['email'] = $identifiant;
  117.             $params['args']['IdCompte'] = Utils::DecryptJWT($IdCompte,$this->CryptSecretKey);
  118.             $otp ApiAuth::generateOtpSante($params); //#ToDo discomment this line
  119.         //dd($otp->data->otp);
  120.             $params_twig= [];
  121.             // $otp->data->otp = 1111; //#ToDo remove this line
  122.             $this->session->set('otp',$otp->data->otp);
  123.             $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  124.             // $otp->data->otp = 1111; //#ToDo remove this line
  125.             // $this->session->set('otp',$otp->data->otp);
  126.             // $params_twig['otp'] = Utils::CryptJWT($otp->data->otp,$this->CryptSecretKey);
  127.             $params_twig['password'] = Utils::CryptJWT($password,$this->CryptSecretKey);
  128.             $params_twig['token'] = $response->token;
  129.             return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>$params_twig]);
  130.         }else{
  131.             return new JsonResponse(['status'=>401,"code"=>"unauthorized","title"=>"password invalid","message"=>"password invalid"],401);   
  132.         }
  133.         
  134.     }
  135.     public function postCompteAuth(Request $request)
  136.     {
  137.         self::verify_postCompteAuth($request,$this->CryptSecretKey);
  138.         // virify token
  139.         $token $request->get('token');
  140.         $userToken ApiAuth::usersVerify(['token'=>$token]);
  141.         if( $userToken->status == 401 ){
  142.             return new JsonResponse(['status'=>401,"code"=>"expired","title"=>"Expired","message"=>"expired token"],401);    
  143.         }
  144.         $password $request->get('password');
  145.         $identifiant $request->get('identifiant');
  146.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$this->CryptSecretKey);
  147.         if( (new IDataPatients())->first(['IdComptePatient'=>$IdCompte]) ){
  148.             self::loadSession($IdCompte,$identifiant,$this,$request);
  149.         }else{
  150.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "account unconfigured","message"=>"The account is not configured","data"=>[
  151.                 'account_unconfigured'=>true,
  152.             ]],422))->send();
  153.         }
  154.         return new JsonResponse(['status'=>200,"code"=>"success","message"=>"success","data"=>[
  155.             'redirect'=>'/patient/dashboard'
  156.         ]]);
  157.         
  158.     }
  159.     protected static function verify_postCompteAuth($request,$keyCryptage)
  160.     {
  161.         
  162.         $validators = [];
  163.         if( !$request->request->has('password') || empty($request->get('password'))){
  164.             $validators['fields'] = "Password is required";
  165.         }
  166.         if( !$request->request->has('token') || empty($request->get('token'))){
  167.             $validators['fields'] = "token is required";
  168.         }
  169.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  170.             $validators['fields'] = "identifiant is required";
  171.         }
  172.         if( !$request->request->has('otp') || empty($request->get('otp'))){
  173.             $validators['fields'] = "otp is required";
  174.         }
  175.         
  176.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  177.             $validators['codeAuthAccount1'] = "the codeOne field is mandatory .";
  178.         }
  179.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  180.             $validators['codeAuthAccount2'] = "the codeTwo field is mandatory .";
  181.         }
  182.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  183.             $validators['codeAuthAccount3'] = "the codeTree field is mandatory .";
  184.         }
  185.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  186.             $validators['codeAuthAccount4'] = "the codeFour field is mandatory .";
  187.         }
  188.         // concatenate otp code
  189.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  190.         $otp =  Utils::DecryptJWT($request->get('otp'),$keyCryptage); 
  191.         // compare otp code
  192.         if($code != $otp){
  193.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  194.         }
  195.         // check idcompte & idetifiant
  196.         $identifiant $request->get('identifiant');
  197.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  198.         $params = [];
  199.         $params['args']['email'] = $identifiant;
  200.         $response ApiAuth::getCompteByEmail($params);
  201.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  202.             $validators['fields'] = "some fields is required";
  203.         }
  204.         // check password & identifiant
  205.         $params = [];
  206.         $params['username'] = $identifiant;
  207.         $params['password'] = Utils::DecryptJWT($request->get('password'),$keyCryptage);
  208.         $response ApiAuth::usersSignin($params);
  209.         if( $response == null  ){
  210.             $validators['fields'] = "some fields is required";
  211.         }
  212.         if(count($validators)>0){
  213.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  214.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  215.         }
  216.     }
  217.     protected static function verify_postCompteVerifyAuth($request,$keyCryptage)
  218.     {
  219.         $data = [];
  220.         $data["code"] = "error";
  221.         $data["status"] = 422;
  222.         
  223.         $validators = [];
  224.         if( !$request->request->has('password') || empty($request->get('password'))){
  225.             $validators['password'] = "Password is required";
  226.         }
  227.         
  228.         // check idcompte & idetifiant
  229.         $identifiant $request->get('identifiant');
  230.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  231.         $params = [];
  232.         $params['args']['email'] = $identifiant;
  233.         $response ApiAuth::getCompteByEmail($params);
  234.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  235.             $validators['fields'] = "some fields is required";
  236.         }
  237.         if(count($validators)>0){
  238.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  239.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  240.         }
  241.     }
  242.     protected static function verify_postValidatedCompte($request,$keyCryptage)
  243.     {
  244.         $data = [];
  245.         $data["code"] = "error";
  246.         $data["status"] = 422;
  247.         
  248.         $validators = [];
  249.         if( !$request->request->has('codeOne') && !preg_match'/^[0-9]+$/' $request->get('codeOne') ) ){
  250.             $validators['codemailphone1'] = "the codeOne field is mandatory .";
  251.         }
  252.         if( !$request->request->has('codeTwo') && !preg_match'/^[0-9]+$/' $request->get('codeTwo') ) ){
  253.             $validators['codemailphone2'] = "the codeTwo field is mandatory .";
  254.         }
  255.         if( !$request->request->has('codeTree') && !preg_match(' /^[0-9]+$/',  $request->get('codeTree') ) ){
  256.             $validators['codemailphone3'] = "the codeTree field is mandatory .";
  257.         }
  258.         if( !$request->request->has('codeFour') && !preg_match(' /^[0-9]+$/',  $request->get('codeFour') ) ){
  259.             $validators['codemailphone4'] = "the codeFour field is mandatory .";
  260.         }
  261.         
  262.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  263.             $validators['fields'] = "some fields is requireds";
  264.         }
  265.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  266.             $validators['fields'] = "some fields is requireds";
  267.         }
  268.         
  269.         // concatenate otp code
  270.         $code $request->get('codeOne') . $request->get('codeTwo') . $request->get('codeTree') . $request->get('codeFour');
  271.         $otp =  Utils::DecryptJWT($request->get('otp'),$keyCryptage); 
  272.         // compare otp code
  273.         if($code != $otp){
  274.             $validators['otp'] = "The OTP is not Valide . Please Provide the valide one .";
  275.         }
  276.         // check idcompte & idetifiant
  277.         $identifiant $request->get('identifiant');
  278.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  279.         $params = [];
  280.         $params['args']['email'] = $identifiant;
  281.         $response ApiAuth::getCompteByEmail($params);
  282.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  283.             $validators['fields'] = "some fields is requireds";
  284.         }
  285.         if(count($validators)>0){
  286.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  287.             throw (new JsonResponse(['code'=>'error','status'=>422,"title"=>"error","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  288.         }
  289.     }
  290.     protected static function verify_postSigninEmail($request)
  291.     {
  292.         $data = [];
  293.         $data["code"] = "error";
  294.         $data["status"] = 422;
  295.         $validators = [];
  296.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  297.             $validators['identifiant'] = "the identifiant field is mandatory";
  298.         }
  299.         if(count($validators)>0){
  300.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  301.             throw (new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422))->send();
  302.         }
  303.     }
  304.     protected static function verify_postValidatedCompteAuth($request,$keyCryptage)
  305.     {
  306.         $data = [];
  307.         $data["code"] = "error";
  308.         $data["status"] = 422;
  309.         
  310.         $validators = [];
  311.         if( !$request->request->has('password') || empty($request->get('password'))){
  312.             $validators['password'] = "some password is requireds";
  313.         }
  314.         if( !$request->request->has('confirmPassword') || empty($request->get('confirmPassword'))){
  315.             $validators['confirmPassword'] = "some confirmPassword is requireds";
  316.         }
  317.         if( $request->request->has('password')  && $request->request->has('confirmPassword')  && $request->get('password') != $request->get('confirmPassword')){
  318.             $validators['confirm'] = "Password confirmation is not valide";
  319.         }
  320.       
  321.         if( !$request->request->has('IdCompte') || empty($request->get('IdCompte'))){
  322.             $validators['fields'] = "some fields is requireds";
  323.         }
  324.         if( !$request->request->has('identifiant') || empty($request->get('identifiant'))){
  325.             $validators['fields'] = "some fields is requireds";
  326.         }
  327.         // check idcompte & idetifiant
  328.         $identifiant $request->get('identifiant');
  329.         $IdCompte Utils::DecryptJWT($request->get('IdCompte'),$keyCryptage);
  330.         $params = [];
  331.         $params['args']['email'] = $identifiant;
  332.         $response ApiAuth::getCompteByEmail($params);
  333.         if ( !($response->compte != null && isset($response->compte->Ip_Comptes->IdCompte) && $response->compte->Ip_Comptes->IdCompte == $IdCompte) ) {
  334.             $validators['fields'] = "some fields is requireds";
  335.         }
  336.         if(count($validators)>0){
  337.             // return new JsonResponse(['code'=>'error','status'=>422,"message"=>"The data provided was invalid","data"=>$validators],422);
  338.             throw (new JsonResponse(['code'=>'error','status'=>422,"title" => "Confirmation Erreur","message"=>"The data provided was invalid","data"=>$validators],422))->send();
  339.         }
  340.     }
  341.     protected static function loadSession($IdCompte,$identifiant,$current,$request)
  342.     {
  343.         $compte ApiAuth::compteDetail($IdCompte);
  344.         $current->session->set('user'$compte->data->compte );
  345.         $current->session->set('compteid'$compte->data->compte->IdCompte );
  346.         $current->session->set('user_image''logo');
  347.         $user = new User();
  348.         $user->setId($compte->data->compte->IdCompte);
  349.         $user->setUserName($compte->data->compte->X_NOM.' '.$compte->data->compte->X_PRENOM);
  350.         $user->setEmail($identifiant);
  351.         $user->setFirstName($compte->data->compte->X_PRENOM);
  352.         $user->setLastName($compte->data->compte->X_NOM);
  353.         $user->setUserImage($compte->data->compte->pic_profile);
  354.         $user->setRoles(['ROLE_ADMIN']);
  355.         //Create session for symfony
  356.         $token = new UsernamePasswordToken($usernull'main', ['ROLE_ADMIN']);
  357.         $current->tokenStorage->setToken($token);
  358.         $request->getSession()->set('_security_main'serialize($token));
  359.         $dispatcher = new EventDispatcher();
  360.         $event = new InteractiveLoginEvent($request$token);
  361.         $dispatcher->dispatch($event);
  362.         try {
  363.             //generate user token
  364.             $uToken = new userToken(null,$current->session);
  365.             $userToken $uToken->authenticate($email$password);
  366.             
  367.         } catch ( \Exception $th) {
  368.             error_log$th->getMessage() , 0);
  369.         }
  370.         try {
  371.             // must check $userToken->status == 200 before continue
  372.             //push cookie 
  373.             $cToken = new cookieToken(null,$current->session);
  374.             $cToken->user_token $userToken->token;
  375.             $cToken->set('lastName','wakrim');
  376.             $cToken->set('firstName','brahim');
  377.             $cToken->push();
  378.             
  379.         } catch ( \Exception $th) {
  380.             error_log$th->getMessage() , 0);
  381.         }
  382.         //test if request is xhr
  383.         if ($request->isXmlHttpRequest()){
  384.             return new JsonResponse(['message' => 'authenticated' 'code' => 'authenticated' 'status' => 200], 200);
  385.         }
  386.     }
  387.     
  388. }