vendor/shopware/storefront/Controller/AuthController.php line 241

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Storefront\Controller;
  5. use Shopware\Core\Checkout\Customer\Exception\BadCredentialsException;
  6. use Shopware\Core\Checkout\Customer\Exception\CustomerAuthThrottledException;
  7. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundByHashException;
  8. use Shopware\Core\Checkout\Customer\Exception\CustomerNotFoundException;
  9. use Shopware\Core\Checkout\Customer\Exception\CustomerRecoveryHashExpiredException;
  10. use Shopware\Core\Checkout\Customer\Exception\InactiveCustomerException;
  11. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLoginRoute;
  12. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractLogoutRoute;
  13. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractResetPasswordRoute;
  14. use Shopware\Core\Checkout\Customer\SalesChannel\AbstractSendPasswordRecoveryMailRoute;
  15. use Shopware\Core\Framework\DataAbstractionLayer\Exception\InconsistentCriteriaIdsException;
  16. use Shopware\Core\Framework\Feature;
  17. use Shopware\Core\Framework\Log\Package;
  18. use Shopware\Core\Framework\RateLimiter\Exception\RateLimitExceededException;
  19. use Shopware\Core\Framework\Routing\Annotation\Since;
  20. use Shopware\Core\Framework\Validation\DataBag\RequestDataBag;
  21. use Shopware\Core\Framework\Validation\Exception\ConstraintViolationException;
  22. use Shopware\Core\PlatformRequest;
  23. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceInterface;
  24. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextServiceParameters;
  25. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  26. use Shopware\Storefront\Checkout\Cart\SalesChannel\StorefrontCartFacade;
  27. use Shopware\Storefront\Framework\Routing\Annotation\NoStore;
  28. use Shopware\Storefront\Framework\Routing\RequestTransformer;
  29. use Shopware\Storefront\Page\Account\Login\AccountGuestLoginPageLoadedHook;
  30. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoadedHook;
  31. use Shopware\Storefront\Page\Account\Login\AccountLoginPageLoader;
  32. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPage;
  33. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoadedHook;
  34. use Shopware\Storefront\Page\Account\RecoverPassword\AccountRecoverPasswordPageLoader;
  35. use Symfony\Component\HttpFoundation\Request;
  36. use Symfony\Component\HttpFoundation\Response;
  37. use Symfony\Component\HttpKernel\Exception\UnauthorizedHttpException;
  38. use Symfony\Component\Routing\Annotation\Route;
  40. /**
  41. * @Route(defaults={"_routeScope"={"storefront"}})
  42. *
  43. * @deprecated tag:v6.5.0 - reason:becomes-internal - Will be internal
  44. */
  45. #[Package('storefront')]
  46. class AuthController extends StorefrontController
  47. {
  48. private AccountLoginPageLoader $loginPageLoader;
  50. private AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute;
  52. private AbstractResetPasswordRoute $resetPasswordRoute;
  54. private AbstractLoginRoute $loginRoute;
  56. private AbstractLogoutRoute $logoutRoute;
  58. private StorefrontCartFacade $cartFacade;
  60. private AccountRecoverPasswordPageLoader $recoverPasswordPageLoader;
  62. private SalesChannelContextServiceInterface $salesChannelContext;
  64. /**
  65. * @internal
  66. */
  67. public function __construct(
  68. AccountLoginPageLoader $loginPageLoader,
  69. AbstractSendPasswordRecoveryMailRoute $sendPasswordRecoveryMailRoute,
  70. AbstractResetPasswordRoute $resetPasswordRoute,
  71. AbstractLoginRoute $loginRoute,
  72. AbstractLogoutRoute $logoutRoute,
  73. StorefrontCartFacade $cartFacade,
  74. AccountRecoverPasswordPageLoader $recoverPasswordPageLoader,
  75. SalesChannelContextServiceInterface $salesChannelContextService
  76. ) {
  77. $this->loginPageLoader = $loginPageLoader;
  78. $this->sendPasswordRecoveryMailRoute = $sendPasswordRecoveryMailRoute;
  79. $this->resetPasswordRoute = $resetPasswordRoute;
  80. $this->loginRoute = $loginRoute;
  81. $this->logoutRoute = $logoutRoute;
  82. $this->cartFacade = $cartFacade;
  83. $this->recoverPasswordPageLoader = $recoverPasswordPageLoader;
  84. $this->salesChannelContext = $salesChannelContextService;
  85. }
  87. /**
  88. * @Since("6.0.0.0")
  89. * @Route("/account/login", name="frontend.account.login.page", methods={"GET"})
  90. * @NoStore
  91. */
  92. public function loginPage(Request $request, RequestDataBag $data, SalesChannelContext $context): Response
  93. {
  94. /** @var string $redirect */
  95. $redirect = $request->get('redirectTo', 'frontend.account.home.page');
  97. $customer = $context->getCustomer();
  99. if ($customer !== null && $customer->getGuest() === false) {
  100. $request->request->set('redirectTo', $redirect);
  102. return $this->createActionResponse($request);
  103. }
  105. $page = $this->loginPageLoader->load($request, $context);
  107. $this->hook(new AccountLoginPageLoadedHook($page, $context));
  109. return $this->renderStorefront('@Storefront/storefront/page/account/register/index.html.twig', [
  110. 'redirectTo' => $redirect,
  111. 'redirectParameters' => $request->get('redirectParameters', json_encode([])),
  112. 'page' => $page,
  113. 'loginError' => (bool) $request->get('loginError'),
  114. 'waitTime' => $request->get('waitTime'),
  115. 'errorSnippet' => $request->get('errorSnippet'),
  116. 'data' => $data,
  117. ]);
  118. }
  120. /**
  121. * @Since("6.3.4.1")
  122. * @Route("/account/guest/login", name="frontend.account.guest.login.page", methods={"GET"})
  123. * @NoStore
  124. */
  125. public function guestLoginPage(Request $request, SalesChannelContext $context): Response
  126. {
  127. /** @var string $redirect */
  128. $redirect = $request->get('redirectTo', 'frontend.account.home.page');
  130. $customer = $context->getCustomer();
  132. if ($customer !== null) {
  133. $request->request->set('redirectTo', $redirect);
  135. return $this->createActionResponse($request);
  136. }
  138. $waitTime = (int) $request->get('waitTime');
  139. if ($waitTime) {
  140. $this->addFlash(self::INFO, $this->trans('account.loginThrottled', ['%seconds%' => $waitTime]));
  141. }
  143. if ((bool) $request->get('loginError')) {
  144. $this->addFlash(self::DANGER, $this->trans('account.orderGuestLoginWrongCredentials'));
  145. }
  147. $page = $this->loginPageLoader->load($request, $context);
  149. $this->hook(new AccountGuestLoginPageLoadedHook($page, $context));
  151. return $this->renderStorefront('@Storefront/storefront/page/account/guest-auth.html.twig', [
  152. 'redirectTo' => $redirect,
  153. 'redirectParameters' => $request->get('redirectParameters', json_encode([])),
  154. 'page' => $page,
  155. ]);
  156. }
  158. /**
  159. * @Since("6.0.0.0")
  160. * @Route("/account/logout", name="frontend.account.logout.page", methods={"GET"})
  161. */
  162. public function logout(Request $request, SalesChannelContext $context, RequestDataBag $dataBag): Response
  163. {
  164. if ($context->getCustomer() === null) {
  165. return $this->redirectToRoute('frontend.account.login.page');
  166. }
  168. try {
  169. $this->logoutRoute->logout($context, $dataBag);
  170. $this->addFlash(self::SUCCESS, $this->trans('account.logoutSucceeded'));
  172. $parameters = [];
  173. } catch (ConstraintViolationException $formViolations) {
  174. $parameters = ['formViolations' => $formViolations];
  175. }
  177. return $this->redirectToRoute('frontend.account.login.page', $parameters);
  178. }
  180. /**
  181. * @Since("6.0.0.0")
  182. * @Route("/account/login", name="frontend.account.login", methods={"POST"}, defaults={"XmlHttpRequest"=true})
  183. */
  184. public function login(Request $request, RequestDataBag $data, SalesChannelContext $context): Response
  185. {
  186. $customer = $context->getCustomer();
  188. if ($customer !== null && $customer->getGuest() === false) {
  189. return $this->createActionResponse($request);
  190. }
  192. try {
  193. $token = $this->loginRoute->login($data, $context)->getToken();
  194. $cartBeforeNewContext = $this->cartFacade->get($token, $context);
  196. $newContext = $this->salesChannelContext->get(
  197. new SalesChannelContextServiceParameters(
  198. $context->getSalesChannelId(),
  199. $token,
  200. $context->getLanguageIdChain()[0],
  201. $context->getCurrencyId(),
  202. $context->getDomainId(),
  203. $context->getContext()
  204. )
  205. );
  207. // Update the sales channel context for CacheResponseSubscriber
  208. $request->attributes->set(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT, $newContext);
  210. if (!empty($token)) {
  211. $this->addCartErrors($cartBeforeNewContext);
  213. return $this->createActionResponse($request);
  214. }
  215. } catch (BadCredentialsException | UnauthorizedHttpException | InactiveCustomerException | CustomerAuthThrottledException $e) {
  216. if ($e instanceof InactiveCustomerException) {
  217. $errorSnippet = $e->getSnippetKey();
  218. }
  220. if ($e instanceof CustomerAuthThrottledException) {
  221. $waitTime = $e->getWaitTime();
  222. }
  223. }
  225. $data->set('password', null);
  227. return $this->forwardToRoute(
  228. 'frontend.account.login.page',
  229. [
  230. 'loginError' => true,
  231. 'errorSnippet' => $errorSnippet ?? null,
  232. 'waitTime' => $waitTime ?? null,
  233. ]
  234. );
  235. }
  237. /**
  238. * @Since("6.1.0.0")
  239. * @Route("/account/recover", name="frontend.account.recover.page", methods={"GET"})
  240. */
  241. public function recoverAccountForm(Request $request, SalesChannelContext $context): Response
  242. {
  243. $page = $this->loginPageLoader->load($request, $context);
  245. return $this->renderStorefront('@Storefront/storefront/page/account/profile/recover-password.html.twig', [
  246. 'page' => $page,
  247. ]);
  248. }
  250. /**
  251. * @Since("6.1.0.0")
  252. * @Route("/account/recover", name="frontend.account.recover.request", methods={"POST"})
  253. */
  254. public function generateAccountRecovery(Request $request, RequestDataBag $data, SalesChannelContext $context): Response
  255. {
  256. try {
  257. $data->get('email')
  258. ->set('storefrontUrl', $request->attributes->get(RequestTransformer::STOREFRONT_URL));
  260. $this->sendPasswordRecoveryMailRoute->sendRecoveryMail(
  261. $data->get('email')->toRequestDataBag(),
  262. $context,
  263. false
  264. );
  266. $this->addFlash(self::SUCCESS, $this->trans('account.recoveryMailSend'));
  267. } catch (CustomerNotFoundException $e) {
  268. $this->addFlash(self::SUCCESS, $this->trans('account.recoveryMailSend'));
  269. } catch (InconsistentCriteriaIdsException $e) {
  270. $this->addFlash(self::DANGER, $this->trans('error.message-default'));
  271. } catch (RateLimitExceededException $e) {
  272. $this->addFlash(self::INFO, $this->trans('error.rateLimitExceeded', ['%seconds%' => $e->getWaitTime()]));
  273. }
  275. return $this->redirectToRoute('frontend.account.recover.page');
  276. }
  278. /**
  279. * @Since("6.1.0.0")
  280. * @Route("/account/recover/password", name="frontend.account.recover.password.page", methods={"GET"})
  281. */
  282. public function resetPasswordForm(Request $request, SalesChannelContext $context): Response
  283. {
  284. /** @deprecated tag:v6.5.0 - call to loginPageLoader and $loginPage will be removed */
  285. $loginPage = null;
  286. if (!Feature::isActive('v6.5.0.0')) {
  287. $loginPage = $this->loginPageLoader->load($request, $context);
  288. }
  290. /** @var ?string $hash */
  291. $hash = $request->get('hash');
  293. if (!$hash || !\is_string($hash)) {
  294. $this->addFlash(self::DANGER, $this->trans('account.passwordHashNotFound'));
  296. return $this->redirectToRoute('frontend.account.recover.request');
  297. }
  299. try {
  300. $page = $this->recoverPasswordPageLoader->load($request, $context, $hash);
  301. } catch (ConstraintViolationException $e) {
  302. $this->addFlash(self::DANGER, $this->trans('account.passwordHashNotFound'));
  304. return $this->redirectToRoute('frontend.account.recover.request');
  305. }
  307. $this->hook(new AccountRecoverPasswordPageLoadedHook($page, $context));
  309. if ($page->getHash() === null || $page->isHashExpired()) {
  310. $this->addFlash(self::DANGER, $this->trans('account.passwordHashNotFound'));
  312. return $this->redirectToRoute('frontend.account.recover.request');
  313. }
  315. if (Feature::isActive('v6.5.0.0')) {
  316. return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  317. 'page' => $page,
  318. 'formViolations' => $request->get('formViolations'),
  319. ]);
  320. }
  322. /** @deprecated tag:v6.5.0 - page will be instance of AccountRecoverPasswordPage and $hash will be moved to $page.getHash() */
  323. return $this->renderStorefront('@Storefront/storefront/page/account/profile/reset-password.html.twig', [
  324. 'page' => $loginPage,
  325. 'hash' => $hash,
  326. 'formViolations' => $request->get('formViolations'),
  327. ]);
  328. }
  330. /**
  331. * @Since("6.1.0.0")
  332. * @Route("/account/recover/password", name="frontend.account.recover.password.reset", methods={"POST"})
  333. */
  334. public function resetPassword(RequestDataBag $data, SalesChannelContext $context): Response
  335. {
  336. $hash = $data->get('password')->get('hash');
  338. try {
  339. $pw = $data->get('password');
  341. $this->resetPasswordRoute->resetPassword($pw->toRequestDataBag(), $context);
  343. $this->addFlash(self::SUCCESS, $this->trans('account.passwordChangeSuccess'));
  344. } catch (ConstraintViolationException $formViolations) {
  345. $this->addFlash(self::DANGER, $this->trans('account.passwordChangeNoSuccess'));
  347. return $this->forwardToRoute(
  348. 'frontend.account.recover.password.page',
  349. ['hash' => $hash, 'formViolations' => $formViolations, 'passwordFormViolation' => true]
  350. );
  351. } catch (CustomerNotFoundByHashException $e) {
  352. $this->addFlash(self::DANGER, $this->trans('account.passwordChangeNoSuccess'));
  354. return $this->forwardToRoute('frontend.account.recover.request');
  355. } catch (CustomerRecoveryHashExpiredException $e) {
  356. $this->addFlash(self::DANGER, $this->trans('account.passwordHashExpired'));
  358. return $this->forwardToRoute('frontend.account.recover.request');
  359. }
  361. return $this->redirectToRoute('frontend.account.profile.page');
  362. }
  363. }